user3318024
Reputation: 13
Splunk Query to fetch the data for API and respective response code with success and failure for yesterday
index="db" "Market"=Country_name getsim Postsim getset
| rename ResultCode as RC
| eval Status = case(like(RC, "200"),"Error")
| timechart span=1d count(Status) as total, count(eval(Status="Failure")) as Failure,count(eval(Status="Success")) as Success, count(eval(Status="Error")) as Error
| eval percent_failure=round(((Failure/total)*100),2)
| eval percent_ok=round(((Success/total)*100),2)
| eval percent_error=round(((Error/total)*100),2)
| fields - total
| rename percent_error as Error, percent_ok as Success, percent_failure as Failure
| fields _time Failure Error Success
i wants the data in below format for yesterday, however API can vary in my query so Query need to produce result with API and their respone code with success and failure %
API Response Code Success% Failure%
getsim 200 99% 1%
getsim 400 80 20
postsim 200 99% 2%
postsim 400 80 20
I require to create dashboard with the help of this query.
Upvotes: 0
Views: 49
Answers (0)
Related Questions
- Split the data of splunk query with number pattern
- Write splunk query to fetch the number of working days greater than zero
- Create Splunk Chart/Table with start and end logs to check Success/Failures
- Regular Expression for different api url and renaming the resultant events in splunk
- When ever a particular search query matches in splunk i would like to send the search result to a rest api
- Data ingestion with HTTP Event Collector in Splunk Web vs data ingestion using Splunk REST API
- Setting a specific time interval in Splunk dashboard to get results from
- splunk query to concatenate status code for every hour
- Splunk - Get Prefefined Outputs Based on the event count and event data
- Query to find the unique code in splunk