- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to show status of two urls of which one is...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to show status of two urls of which one is printed in logs and other should have default value in a table format?
Hi I have a task to display the Status of two of the urls in the following table format :
| URL Name | In Usage | Status |
| http://lonmd1273241:4001/gmsg-mds/ | Yes | Up |
| http://sfomd1273241:4001/gmsg-mds/ | No | Up |
The http://lonmd1273241:4001/gmsg-mds/ is printed in live logs for the application and the http://sfomd1273241:4001/gmsg-mds/ is not printed in logs. Can someone please help with a query to cretae such a table in a dashboard. Status code is also printed in logs for http://lonmd1273241:4001/gmsg-mds/ which is used to display status column.
Any help with query to produce such a dashboard would be help full
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Got your point but how to display this as a table format
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
stats command results in tabular results.
It depends on your data format, the query assumes your search outputs a field with name 'URL name' and contains a field with name Status.
Try running the query with the
| search index=your_index your_keywords
to see if you get results
and then add the stats command to the end and see if there are results from that.
Probably your fields are named differently or your base query doesn't get the results you want.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Make a lookup file with the URL names in format:
| URL name |
| http://lonmd1273241:4001/gmsg-mds/ |
| http://sfomd1273241:4001/gmsg-mds/ |
| inputlookup gmsg-mds_urls.csv
| join 'URL name'
[ search your query
| stats latest(Status) as Status, count as appearance_count by 'URL name']
| eval 'In Usage'=if(appearance_count>0, "Yes","No")
| table 'URL name' 'In Usage' Status
If the values 'In Usage' & Status are to be retrieved from the logs then you need the URL to also be in logs.
If you need additional URLs to be visible then modify the lookup file to add them, they should be an exact match otherwise the join will not work.
Get the T-shirt to Prove You Survived Splunk University Bootcamp
Introducing the Splunk Community Dashboard Challenge!
Wondering How to Build Resiliency in the Cloud?
