Splunk Search

Real time examples of splunk search language.

Published in: Technology
Transcript

  • 1. Splunk Search Real time examples www.about.me/eashwar
  • 2. error OR failed OR severe OR ( sourcetype=access_* ( 404 OR 500 OR 503 ) ) | timechart count | sort -count
    Shows when (date and time) the errors occurred. Sorting the count in descending order puts the time bucket with the most errors first. Displayed as an area chart.
  • 3. source="access_*" | transaction referer | chart count(eval(uri)) AS uri by referer | sort -uri
    referer is the parent URL. The transaction command groups events that share the same field/value pair, here grouping by referer. The slide showed part of a pie chart of this result (focused on one month); that referrer contributed 8 URI visits.
  • 4. sourcetype=access_* | chart avg(bytes) by _time | sort -_time
  • 5. sourcetype=access_* | chart avg(bytes) over _time by status
    OVER is a new keyword I am using here. With it the results are laid out on an x and a y axis, and the series can be differentiated by status.
  • 6. sourcetype=access* | chart max(bytes) AS Transfer over clientip by action
    If this returns too much data and only a little is needed, add | head 20 after access*; that keeps only the first 20 matching events before charting, so it acts as a filter.
  • 7. sourcetype="access_*" | contingency clientip category_id | sort -total
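As an added illustration that is not part of the slides, the Python below reproduces, over a few constructed access events, what three of the searches above compute: the error timechart of slide 2 (bucketed to one hour, an assumed span), the chart avg(bytes) over _time by status of slide 5, and the contingency table of slide 7. The field names follow Splunk's access_* sourcetypes; the events, timestamps and IP addresses are made up for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events (not real traffic) carrying the fields the slides
# use from Splunk's access_* sourcetypes: _time, status, bytes, clientip,
# category_id. Timestamps are ISO 8601 strings for simplicity.
SAMPLE_EVENTS = [
    {"_time": "2014-03-01T10:05:00", "status": 200, "bytes": 1500, "clientip": "10.0.0.1", "category_id": "STRATEGY"},
    {"_time": "2014-03-01T10:20:00", "status": 404, "bytes": 300, "clientip": "10.0.0.2", "category_id": "ARCADE"},
    {"_time": "2014-03-01T11:10:00", "status": 500, "bytes": 200, "clientip": "10.0.0.1", "category_id": "STRATEGY"},
    {"_time": "2014-03-01T11:15:00", "status": 503, "bytes": 200, "clientip": "10.0.0.3", "category_id": "ARCADE"},
    {"_time": "2014-03-01T11:40:00", "status": 200, "bytes": 2500, "clientip": "10.0.0.2", "category_id": "STRATEGY"},
    {"_time": "2014-03-01T12:00:00", "status": 404, "bytes": 300, "clientip": "10.0.0.3", "category_id": "ARCADE"},
    {"_time": "2014-03-01T12:30:00", "status": 200, "bytes": 900, "clientip": "10.0.0.2", "category_id": "STRATEGY"},
]

# HTTP status codes the slide-2 search treats as errors.
ERROR_STATUSES = {404, 500, 503}


def hour_bucket(ts):
    """Truncate an ISO timestamp to its hour, like timechart span=1h (assumed span)."""
    return datetime.fromisoformat(ts).strftime("%Y-%m-%d %H:00")


def error_timechart(events):
    """Slide 2: ... ( status=404 OR status=500 OR status=503 ) | timechart span=1h count | sort -count
    Returns [(hour, error_count)], busiest hour first; ties break on the hour."""
    counts = Counter(hour_bucket(e["_time"]) for e in events if e["status"] in ERROR_STATUSES)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def avg_bytes_over_time_by_status(events):
    """Slide 5: chart avg(bytes) over _time by status
    Returns {hour: {status: average_bytes}}: one row per x-axis value (_time),
    one series per status value."""
    totals = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # hour -> status -> [sum, n]
    for e in events:
        cell = totals[hour_bucket(e["_time"])][e["status"]]
        cell[0] += e["bytes"]
        cell[1] += 1
    return {hour: {status: s / n for status, (s, n) in row.items()}
            for hour, row in totals.items()}


def contingency(events, row_field="clientip", col_field="category_id"):
    """Slide 7: contingency clientip category_id | sort -total
    Returns (columns, rows); each row is (row_value, {column: count}, total),
    sorted by total descending."""
    table = defaultdict(Counter)
    for e in events:
        table[e[row_field]][e[col_field]] += 1
    columns = sorted({c for row in table.values() for c in row})
    rows = [(value, dict(cnt), sum(cnt.values())) for value, cnt in table.items()]
    rows.sort(key=lambda r: (-r[2], r[0]))
    return columns, rows


if __name__ == "__main__":
    print("errors per hour:", error_timechart(SAMPLE_EVENTS))
    for hour, row in sorted(avg_bytes_over_time_by_status(SAMPLE_EVENTS).items()):
        print(hour, row)
    cols, rows = contingency(SAMPLE_EVENTS)
    print("contingency columns:", cols)
    for value, counts, total in rows:
        print(value, counts, "total", total)
```

One caveat the slides do not spell out: in the slide-2 search the bare terms 404, 500 and 503 match any event whose raw text contains those numbers (a bytes value of 503, for instance), not only the HTTP status, so the Python version keys on the status field, which in the search language is written status=404 OR status=500 OR status=503.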
