i have a question regarding the chart command. I am trying to execute a search splunk command that shows both the count and percentage of the count in one chart command: so here is an example of splunk command that currently only shows the count and the total count: source="xyz" http_status_code | chart count by path_template, http_status_code | addtotals col=t This command shows each count of the http_status_code (y axis) and the path_template (x axis) and showing the total of the counts of all the http_status_code. Now i need to add the percentage (count/total) of each count when i know the number of counts. e.g. 40 (5%) or something like that. How would i do that using chart? Thanks!
I am trying to create the similar error generating alerts in my tmdb app however its not being captured in splinkd.log file and hence unable to proceed with this demo. Can you suggest anything on this
Can you make it as table. I have one field contain timestamp on my first field. The condition I want to build, should not send same alert for the userid.
Hi, is it possible to throttle/trigger with multiple fields/value . For ex : we have 3 fields called Time, Device Name and AlertGroup 1st alert : Time : 08:00:00, Device Name is ABC and AlertGroup is Down 2nd alert : Time : 08:00:55, Device Name is XYZ and AlertGroup is Down 3rd alert : Time : 08:01:00, Device Name is ABC and AlertGroup is Up 4th alert : Time : 08:07:00, , Device Name is XYZ and AlertGroup is Up Now in this situation i dont want to trigger an alert/notification if we are receiving the alert with same device name with Down and Up with in 2 mins window. So if we compare with above ex: in this case 1st alert and 3rd alert should get ignored because its having same device name with different alertgroup. Can you please help with this condition to suppress/throttle.
Hi sir, i am just going through your classes, i want to create triggered alert for my created server i am unable to understand how to write search alert command.
I think you need to create custom alert action here which will send the details to rundeck calling its api. Please have a look at my custom alert action videos to get an idea.
Thanks for the efforts you put towards making splunk tutorials; I bet no one can explain this way even if we pay for them!!!
No one can demo like you in real time. Simply awesome.. Thanks . keep up the good work.
Thanks Vikas..... Please share this channel with your colleagues who work on splunk.
Excellent Explanation Sid, your sessions are more insightful and you teach a concept patiently that even a lame person can understand in-depth.
This was more helpful for me even now . Great Work Sid
Really awesome bro with real time.. Thankyou
Very good tutorial,
Thank you Sid.
Thx man 🙂
i have a question regarding the chart command. I am trying to execute a search splunk command that shows both the count and percentage of the count in one chart command: so here is an example of splunk command that currently only shows the count and the total count: source="xyz" http_status_code | chart count by path_template, http_status_code | addtotals col=t This command shows each count of the http_status_code (y axis) and the path_template (x axis) and showing the total of the counts of all the http_status_code. Now i need to add the percentage (count/total) of each count when i know the number of counts. e.g. 40 (5%) or something like that. How would i do that using chart? Thanks!
I am trying to create the similar error generating alerts in my tmdb app however its not being captured in splinkd.log file and hence unable to proceed with this demo. Can you suggest anything on this
Can you make it as table. I have one field contain timestamp on my first field. The condition I want to build, should not send same alert for the userid.
Awsm Thanks you Sid :-)
Hi, is it possible to throttle/trigger with multiple fields/value .
For ex : we have 3 fields called Time, Device Name and AlertGroup
1st alert : Time : 08:00:00, Device Name is ABC and AlertGroup is Down
2nd alert : Time : 08:00:55, Device Name is XYZ and AlertGroup is Down
3rd alert : Time : 08:01:00, Device Name is ABC and AlertGroup is Up
4th alert : Time : 08:07:00, , Device Name is XYZ and AlertGroup is Up
Now in this situation i dont want to trigger an alert/notification if we are receiving the alert with same device name with Down and Up with in 2 mins window. So if we compare with above ex: in this case 1st alert and 3rd alert should get ignored because its having same device name with different alertgroup.
Can you please help with this condition to suppress/throttle.
I think the best way will be handling this situation inside the alert query itself.
Hi sir, i am just going through your classes, i want to create triggered alert for my created server i am unable to understand how to write search alert command.
Thank you! Helpful!
Thank you❤
Sir i'm havving doubt ..how to integrate splunk alert into rundeck to fix the issue...
I think you need to create custom alert action here which will send the details to rundeck calling its api. Please have a look at my custom alert action videos to get an idea.