Videos

  • Add Videos
  • View All

Top Content 

1 Count failures and success via transaction

Count failures and success via transaction

Latest Activity

Michael Wilde replied to Nikita's discussion Count failures and success via transaction
"How are these transactions linked together... by a field called "ID"?  If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it.   Paste some samples and…"
17 hours ago
Linus Myrefelt updated their profile
Tuesday
Marie updated their profile
Monday
Marie is now a member of splunkninja
Monday
Welcome Them!
Profile IconJitter and matthew arguin joined splunkninja
May 18
Profile IconMatthew Carter and Nikita joined splunkninja
May 17
Nikita posted a discussion

Count failures and success via transaction

Hi,I'm a new in Splunk so sorry for the stupid questions.I want to calculate failures in logs.For example we have request log and response log."request" OR ("fail" OR "response") |transaction startsWith=("request") endsWith=("fail" OR "response") maxpause=5s keepevicted=false maxspan=25s id |eval Failure=if(searchmatch("fail"),1,0)| eval Success=if(searchmatch("response"),1,0) | stats count(Failure) as FailureCount, count(Success) as SuccessCount | table FailureCount SuccessCountThat query…See More
May 17
1 Comment
Andrea Judy is now a member of splunkninja
May 16
Welcome Them!

asking for OS recommendation: install on Unix or Windows?

Hi,

I am going to use Splunk to monitor a group of log files;  they are currently stored in Windows servers.

Disregarding that the logging system is in Windows, I can choose between these environments for my Splunk installation:

  A) Unix - HPUX Itanium
  B) VMWare Windows Server 2003 64bits 4GB memory

Would you recommend one over the other?

Thanks,
Marcelo

Tags: OS, install

Views: 17

Reply to This

Replies to This Discussion

Permalink Reply by Michael Wilde on March 24, 2010 at 12:36pm
64 bit is a general rule. Then, which ever indexer has the fastest disk I/O

also, you can always use both. Have forwarders send to both and use distributed search. More servers=more capability.
Permalink Reply by Marcelo Finkielsztein on March 24, 2010 at 12:48pm
Thanks.

I would not have thought of two servers. Will have to think about it.

I was more concerned about stability, bugs, ... that type of thing.
I am running already a Windows server and I have had some crashes, and non-explained failures.
Not much i am glad to say. Just some.

As I am using a free licence, I cannot demand a fast answer from Splunk support upon any problem.
This is why i started evaluating the migration from Windows to Unix.

Nobody needs to raise here the old subject: "Unix Vs Windows". I believe we all can accept Unix provides a more stable environment.

Maybe my original question should have been:
Is Splunk a more solid, reliable software when it works on Unix?

Thank you!
marcelo
Permalink Reply by Michael Wilde on March 24, 2010 at 2:12pm
stability has gotten Waaay better on windows. Performance only slightly better on unix. as far as time in the market, Windows wins over HP-UX (been available for about a month)
Permalink Reply by Marcelo Finkielsztein on March 24, 2010 at 2:27pm
I am staying on Windows, then.

Many thanks Michael.
Marcelo

RSS

© 2012   Created by Michael Wilde.

Badges  |  Report an Issue  |  Terms of Service