Reputation: 699
Splunk - counting numeric information in events
I'm very new to Splunk and wanted to know if the following was possible: I'm trying to set up a dashboard of how many times we had to retry a call to a service. I am currently logging the following text:
number of retries required 0
The number of retries required can vary from 0 to 3
Is there an easy way to query this and display how many times it was either 0, 1, 2 or 3?
Thanks.
Upvotes: 0
Views: 112
Answers (1)
Reputation: 2303
The gist of it is that you need to extract that piece of information into a field and than analyze that field according to your wishes (i.e. via timechart, chart, stats, etc.) Here are two different ways:
- you can use the Field Extractor to extract and create a new field from the retries count. This is the recommended long-term option.
use the
rexcommand to extract and define a new field inline.search * | rex field=_raw ".+retries required (?<retries>\d)$"
Then you can chart them over time by appending | timechart retries or use the stats command to do some other calculations.
Upvotes: 3
Related Questions
- Extracting a count from raw splunk data by id
- Count and sum in splunk
- Splunk: count by Id
- Sum of count with Splunk
- How to count the total number of events in a splunk search result?
- Splunk - Get Prefefined Outputs Based on the event count and event data
- How to count specific value occurrences in the same field?
- splunk query for counting based on regex
- How to count results in Splunk and put them in a table?
- Splunk Query Count of Count