Videos

  • Add Videos
  • View All

Top Content 

1 Count failures and success via transaction

Count failures and success via transaction

Latest Activity

Michael Wilde replied to Nikita's discussion Count failures and success via transaction
"How are these transactions linked together... by a field called "ID"?  If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it.   Paste some samples and…"
17 hours ago
Linus Myrefelt updated their profile
Tuesday
Marie updated their profile
Monday
Marie is now a member of splunkninja
Monday
Welcome Them!
Profile IconJitter and matthew arguin joined splunkninja
May 18
Profile IconMatthew Carter and Nikita joined splunkninja
May 17
Nikita posted a discussion

Count failures and success via transaction

Hi,I'm a new in Splunk so sorry for the stupid questions.I want to calculate failures in logs.For example we have request log and response log."request" OR ("fail" OR "response") |transaction startsWith=("request") endsWith=("fail" OR "response") maxpause=5s keepevicted=false maxspan=25s id |eval Failure=if(searchmatch("fail"),1,0)| eval Success=if(searchmatch("response"),1,0) | stats count(Failure) as FailureCount, count(Success) as SuccessCount | table FailureCount SuccessCountThat query…See More
May 17
1 Comment
Andrea Judy is now a member of splunkninja
May 16
Welcome Them!
Bill Selig
  • Seattle, WA
  • United States
Share on Facebook Share on Facebook Share Twitter

Bill Selig's Discussions

How do I recognize a time in epoch seconds?
1 Reply

Total newbie here.I have a data file (a few lines…Continue

Tags: epoch, time

Started this discussion. Last reply by Bill Selig Oct 27, 2010.

 

Bill Selig's Page

Gifts Received

Gift

Bill Selig has not received any gifts yet

Give Bill Selig a Gift

Latest Activity

Bill Selig replied to Bill Selig's discussion How do I recognize a time in epoch seconds?
"With help from discussion on "splunk answers" and LOST of trial/error it appears that you to have to use sourcetype and not just [source::] in etc/system/local/props.conf: [tns-stats] TIME_FORMAT=%s AND, then you have to define the…"
Oct 27, 2010
Bill Selig posted a discussion

How do I recognize a time in epoch seconds?

Total newbie here.I have a data file (a few lines here):1280718483,204.28.227.23:53;5;5.49;13;2183;2183;0;0;0-2103;2-0;3-48;5-32;15-0;*-0;2183;0;0;0;01280718543,204.28.227.23:53;5;5.75;6;16;16;0;0;0-16;2-0;3-0;5-0;15-0;*-0;16;0;0;0;01280804716,204.28.227.23:53;4;6.74;77;2412;2412;0;0;0-2332;2-0;3-48;5-32;15-0;*-0;2410;2;0;0;01280804776,204.28.227.23:53;5;5.57;14;2391;2391;0;0;0-2343;2-0;3-0;5-48;15-0;*-0;2391;0;0;0;0The actual file has 500+ lines (events?) going back several months.The first…See More
Oct 26, 2010
1 Comment
Bill Selig is now a member of splunkninja
Oct 26, 2010
Welcome Them!

Profile Information

Are you an existing splunk user?
Not yet
What do you do for your day job?
Sftw Devlpr

Comment Wall

  • No comments yet!

You need to be a member of splunkninja to add comments!

Join splunkninja

 
 
 

© 2012   Created by Michael Wilde.

Badges  |  Report an Issue  |  Terms of Service