"How are these transactions linked together... by a field called "ID"? If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"
The dojo of Splunk. Learn, share, teach, mentor.
Videos
Latest Activity
Nikita posted a discussionCount failures and success via transaction
Hi,I'm a new in Splunk so sorry for the stupid questions.I want to calculate failures in logs.For example we have request log and response log."request" OR ("fail" OR "response") |transaction startsWith=("request") endsWith=("fail" OR "response") maxpause=5s keepevicted=false maxspan=25s id |eval Failure=if(searchmatch("fail"),1,0)| eval Success=if(searchmatch("response"),1,0) | stats count(Failure) as FailureCount, count(Success) as SuccessCount | table FailureCount SuccessCountThat query…See More
Colin Dick's Discussions
Searching hosts matching regex and not matching regex
4 Replies
Hi there, New to Splunk, please bare with me ;). I have all my hosts set to IP addresses. I want to search and get a list of all the hosts matching a certain pattern and then another search to…Continue
Started this discussion. Last reply by Ralph Avery May 29, 2011.
Gifts Received
Colin Dick has not received any gifts yet
Colin Dick's Page
Latest Activity
Ralph Avery replied to Colin Dick's discussion Searching hosts matching regex and not matching regex"I think this is what you want...
* | regex host="(?=\b10\.[12]\.123\.2\b)" | stats count by host | sort by host* | regex host!="(?=\b10\.[12]\.123\.2\b)" | stats count by host | sort by host"
Michael Wilde replied to Colin Dick's discussion Searching hosts matching regex and not matching regex"There are a couple of other simple ways to approach this.
You might consider using "tags".
I suspect there's something important about certain hosts, ex (1.2.3.202 might be a webserver, and 1.2.3.210 might be an…"
Colin Dick replied to Colin Dick's discussion Searching hosts matching regex and not matching regex"Thanks Skeeter for reminding me about wildcards. It helped initially.
Still working on some searches. The wildcard search is now too generic. I want to be able to determine if I have any unknown hosts. I currently have…"
Skeeter Murphy replied to Colin Dick's discussion Searching hosts matching regex and not matching regex"Try the following... also, you don't put 'search' at the beginning of a search phrase unless it's later in the pipeline.
host="10.1.*.2" OR host="10.2.*.2" | dedup host | table host
NOT…"
Colin Dick posted a discussionSearching hosts matching regex and not matching regex
Hi there, New to Splunk, please bare with me ;). I have all my hosts set to IP addresses. I want to search and get a list of all the hosts matching a certain pattern and then another search to get a list not matching the pattern. search host=(regex 10.1.xxx.2 or 10.2.xxx.2) | count host by hostsearch host!=(regex 10.1.xxx.2 or 10.2.xxx.2) | count host by host I am hoping to be able to have output look similar to: 10.1.123.210.2.123.2 And: 192.168.1.210.5.6.7 Thanks for helping a…See More
Profile Information
- Are you an existing splunk user?
- Licensed
- What do you do for your day job?
- Network Analyst
Comment Wall
- No comments yet!
© 2012 Created by Michael Wilde.
