
Splunk Search


Real time examples of splunk search language.

Published in: Technology


  1. Splunk Search: real time examples
  2. error OR failed OR severe OR ( sourcetype=access_* ( 404 OR 500 OR 503 ) ) | timechart count | sort -count
     Shows when (date and time) the errors occurred. Sorted in descending order, so that we can find the time when the largest number of errors occurred. Displayed as an area chart.
  3. source="access_*" | transaction referer | chart count(eval(uri)) AS uri by referer | sort -uri
     Referer is the parent URL. transaction is a command that groups events sharing equal field/value pairs; here we group by referer. The slide shows part of the pie diagram of this search result (focused on one month): the referrer contributed 8 URI visits.
  4. sourcetype=access_* | chart avg(bytes) by _time | sort -_time
  5. sourcetype=access_* | chart avg(bytes) over _time by status
     OVER is a new keyword I am using. When I use it I get the results on the x and y axes, and the results can be differentiated by status.
  6. sourcetype=access* | chart max(bytes) AS Transfer over clientip by action
     If this returns more data than we need, add | head 20 after access*. This acts as a filter.
  7. sourcetype="access_*" | contingency clientip category_id | sort -total
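To make clear what the searches on slides 2 and 7 actually compute, here is an added Python example (not part of the slideshow) that reproduces the two aggregations over a handful of constructed access_* log lines: the error count per hour from slide 2 (`timechart count` over 404/500/503 events, then `sort -count`) and the clientip x category_id cross-tabulation from slide 7 (`contingency clientip category_id | sort -total`). The log layout, IP addresses, URIs and category_id values are invented for the example; the field names (clientip, uri, status, bytes, category_id, action) follow the ones the slides use.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse, parse_qs

# Constructed sample events in an access_combined-style layout (not real data).
# The last line is deliberately malformed to show that the parser skips it.
SAMPLE_LOG = """\
10.0.0.1 - - [12/Mar/2014:10:01:05 +0000] "GET /cart.do?action=view&category_id=GIFTS HTTP/1.1" 200 1024
10.0.0.2 - - [12/Mar/2014:10:02:11 +0000] "GET /product.screen?category_id=TOYS HTTP/1.1" 404 512
10.0.0.1 - - [12/Mar/2014:10:05:40 +0000] "POST /cart.do?action=addtocart&category_id=GIFTS HTTP/1.1" 500 256
10.0.0.3 - - [12/Mar/2014:10:07:00 +0000] "GET /product.screen?category_id=BOOKS HTTP/1.1" 404 64
10.0.0.3 - - [12/Mar/2014:11:00:02 +0000] "GET /product.screen?category_id=TOYS HTTP/1.1" 503 128
10.0.0.2 - - [12/Mar/2014:11:03:17 +0000] "GET /cart.do?action=view&category_id=TOYS HTTP/1.1" 200 2048
10.0.0.3 - - [12/Mar/2014:11:04:58 +0000] "GET /product.screen?category_id=BOOKS HTTP/1.1" 404 64
this line is not an access log event and is skipped
"""

# Statuses the slide-2 search treats as errors: ( 404 OR 500 OR 503 )
ERROR_STATUSES = {"404", "500", "503"}

LINE_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+)$'
)


def parse_event(line):
    """Extract the fields the slides refer to from one log line; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["_time"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["bytes"] = int(ev["bytes"])
    # category_id and action live in the URI query string in this constructed layout
    qs = parse_qs(urlparse(ev["uri"]).query)
    ev["category_id"] = qs.get("category_id", [None])[0]
    ev["action"] = qs.get("action", [None])[0]
    return ev


def parse_events(text):
    return [ev for ev in (parse_event(line) for line in text.splitlines()) if ev]


def timechart_error_count(events, span=timedelta(hours=1)):
    """Slide 2: count error events per time bucket, then sort buckets by count descending.

    Returns a list of (bucket label, count) tuples, highest count first.
    """
    counts = Counter()
    span_s = int(span.total_seconds())
    for ev in events:
        if ev["status"] not in ERROR_STATUSES:
            continue
        epoch = int(ev["_time"].timestamp())
        bucket_start = epoch - epoch % span_s  # floor the timestamp to the span
        label = datetime.fromtimestamp(bucket_start, tz=ev["_time"].tzinfo).strftime("%Y-%m-%d %H:%M")
        counts[label] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def contingency(events, row_field, col_field):
    """Slide 7: cross-tabulate two fields and sort rows by their total, descending.

    Each row is a dict holding the row value, one count per column value, and "total".
    Events missing either field are left out of the table.
    """
    table = defaultdict(Counter)
    for ev in events:
        r, c = ev.get(row_field), ev.get(col_field)
        if r is None or c is None:
            continue
        table[r][c] += 1
    rows = [{row_field: r, "total": sum(cnt.values()), **cnt} for r, cnt in table.items()]
    rows.sort(key=lambda row: -row["total"])
    return rows


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    print("errors per hour, busiest first:", timechart_error_count(events))
    for row in contingency(events, "clientip", "category_id"):
        print(row)
```

Running the block prints the 10:00 bucket first (three error events) ahead of the 11:00 bucket (two), and the contingency rows with 10.0.0.3 on top because it accounts for the most events with a category_id. Note that, exactly as on slide 2, sorting by count after the timechart trades the chronological order of the buckets for a "worst hour first" view.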