Splunk Search
Real time examples

www.about.me/eashwar

error OR failed OR severe OR ( sourcetype=access_* ( 404 OR 500 OR 503 ) )
| timechart count | sort -count


When (date and time) the errors occurred.

Sorted in descending order, so that we can find the time when the most errors occurred.

(Area chart)

source="access_*" | transaction referer | chart count(eval(uri)) AS uri by referer | sort -uri
Referer is the parent URL.
transaction is a command that groups events with equal field/value pairs; here the grouping is by referer.




Above is part of the pie chart of this search result (focused on one month).

The referrer has contributed 8 URI visits.

sourcetype=access_* | chart avg(bytes) by _time | sort -_time
sourcetype=access_* | chart avg(bytes) over _time by status


OVER is a new keyword I am using.
When I use it, I get the results on the x and y axes. The results can be differentiated by status.
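
The row/column split that over ... by produces in the search above, emulated in Python as an added example (not part of the original slides): it parses constructed access-log lines and averages bytes per time bucket (rows) and status (columns). The hourly bucket, the regular expression and the function names are assumptions of this example; Splunk chooses its own time bins.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:12 +0000] "GET /cart.do HTTP/1.1" 200 1500 "-" "curl"
10.0.0.5 - - [12/Mar/2024:10:17:40 +0000] "GET /cart.do HTTP/1.1" 200 2500 "-" "curl"
10.0.0.9 - - [12/Mar/2024:10:44:03 +0000] "GET /missing HTTP/1.1" 404 300 "-" "curl"
10.0.0.9 - - [12/Mar/2024:11:05:59 +0000] "POST /buy.do HTTP/1.1" 500 120 "-" "curl"
10.0.0.7 - - [12/Mar/2024:11:20:00 +0000] "GET /cart.do HTTP/1.1" 200 1000 "-" "curl"
10.0.0.7 - - [12/Mar/2024:11:31:00 +0000] "GET /big HTTP/1.1" 200 - "-" "curl"
"""

# Timestamp, status and bytes fields of one access-log line.
LINE_RE = re.compile(r'\[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)')

def chart_avg_bytes_over_time_by_status(log_text, span="%Y-%m-%d %H:00"):
    """Return {time_bucket: {status: avg_bytes}}: rows are buckets, columns are statuses."""
    sums = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # bucket -> status -> [total, n]
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["bytes"] == "-":
            continue  # no numeric bytes value: skipped in this example
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        cell = sums[ts.strftime(span)][m["status"]]  # hourly bucket is an assumption
        cell[0] += int(m["bytes"])
        cell[1] += 1
    return {b: {s: t / n for s, (t, n) in cols.items()}
            for b, cols in sorted(sums.items())}

def render(table):
    """Format the pivot as text: one line per time bucket, one column per status."""
    statuses = sorted({s for cols in table.values() for s in cols})
    rows = ["_time".ljust(18) + "".join(s.rjust(10) for s in statuses)]
    for bucket, cols in table.items():
        rows.append(bucket.ljust(18) + "".join(
            (f"{cols[s]:.1f}" if s in cols else "").rjust(10) for s in statuses))
    return "\n".join(rows)

if __name__ == "__main__":
    print(render(chart_avg_bytes_over_time_by_status(SAMPLE_LOG)))
```

An empty cell in the rendered table means no event with that status fell into that time bucket.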
sourcetype=access* | chart max(bytes) AS Transfer over clientip by action




If there is too much data and we need only a little, add | head 20 after access*. This will act as a filter function.
sourcetype="access_*" | contingency clientip category_id | sort -total
