Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to show status of two urls of which one is printed in logs and other should have default value in a table format?

sid1808
Loves-to-Learn
‎07-31-2022 12:51 AM

Hi I have a task to display the Status of two of the urls in the following table format :

URL Name In Usage Status
http://lonmd1273241:4001/gmsg-mds/ Yes Up
http://sfomd1273241:4001/gmsg-mds/ No Up

 

The http://lonmd1273241:4001/gmsg-mds/ is printed in live logs for the application and the http://sfomd1273241:4001/gmsg-mds/ is not printed in logs. Can someone please help with a query to cretae such a table in a dashboard. Status code is also printed in logs  for http://lonmd1273241:4001/gmsg-mds/  which is used to display status column.

Any help with query to produce such a dashboard would be help full 

Labels (6)
Labels
0 Karma
Reply

sid1808
Loves-to-Learn
‎07-31-2022 11:19 AM

Got your point but how to display this as a table format

 

0 Karma
Reply

martinpu
Communicator
‎07-31-2022 12:32 PM

stats command results in tabular results.

It depends on your data format, the query assumes your search outputs a field with name  'URL name' and contains a field with name Status.

Try running the query with the 
| search index=your_index your_keywords 
to see if you get results

and then add the stats command to the end and see if there are results from that.

Probably your fields are named differently or your base query doesn't get the results you want.

0 Karma
Reply

martinpu
Communicator
‎07-31-2022 03:49 AM

Make a lookup file with the URL names in format: 

URL name
http://lonmd1273241:4001/gmsg-mds/
http://sfomd1273241:4001/gmsg-mds/



| inputlookup gmsg-mds_urls.csv
| join 'URL name'
[ search your query 
| stats latest(Status) as Status, count as appearance_count by 'URL name']
| eval  'In Usage'=if(appearance_count>0, "Yes","No")
| table 'URL name' 'In Usage' Status


If the values 'In Usage' & Status are to be retrieved from the logs then you need the URL to also be in logs.
If you need additional URLs to be visible then modify the lookup file to add them, they should be an exact match otherwise the join will not work.

 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...