My system logs every ticket purchased under each ticket group by each user as below. Every ticket purchase will have the below entry and exit log and user name in between.

Entry Ticket system TicketgrpA ticketnbr = 1232424
Exit Ticket system TicketgrpA ticketnbr = 1232424
Entry Ticket system TicketgrpB ticketnbr = 1234353
Exit Ticket system TicketgrpB ticketnbr = 1234353
Entry Ticket system TicketgrpC ticketnbr = 1232434
Exit Ticket system TicketgrpC ticketnbr = 1232434

I would like to show in a graph - Number of tickets purchased by each user under each group. I want to display them so that each ticket group count is shown grouped for each user. I used the below query and it is showing under statistics as below, but not showing ticketgrp in the graph; counts are showing combined for all ticket groups for each user. TKTSYS* will fetch all the event logs - entry, exit and Sales User.

Index=jra_app_events sourcetype=eventing appVersion=TKTSYS TKTSYS* | transaction startswith="Entry Ticket system " endswith="Exit Ticket system" | eval ticketgrp=case(like(_raw, "%TicketgrpA%"), "A", like(_raw, "%TicketgrpB%"), "B", like(_raw, "%TicketgrpC%"), "C") | stats count by SalesUser, ticketgrp

Any help would be highly appreciated.

UPDATE WITH PICTURE TO CLARIFY DESIRED OUTCOME.

Depending on your search criteria and how you want to define your groupings, you may be able to use a search command, such as append, associate, contingency, join, or stats. Use transactions to identify and group related events. You can also use field lookups and other features of the search language.

I believe the 'transaction' command groups the users together who share the common attribute. I can't find in the documentation whether the transaction grouping creates any variable I can then subsequently filter on. (via 'transaction') however I only want to display results where there are more than x events per transaction.

Note the use of sum instead of count in the stats commands. Here is a complete example using the internal index.

Splunk tables usually have one value in each cell. To put multiple values in a cell we usually concatenate the values into a single value. To get counts for different time periods, we usually run separate searches and combine the results.