I have some log events in Splunk which appear something like the following:

Payment request to app_name_foo for brand: B1, app_id: A1, some param: blah, another param: blahblahblah, payment method: CREDITCARD, last param: someuniquestring
Payment request to app_name_foo for brand: B1, app_id: A2, some param: blah, another param: blahblahblah, payment method: GPAY, last param: someuniquestring
Payment request to app_name_foo for brand: B2, app_id: A1, some param: blah, another param: blahblahblah, payment method: CREDITCARD, last param: someuniquestring
Payment request to app_name_foo for brand: B2, app_id: A3, some param: blah, another param: blahblahblah, payment method: GPAY, last param: someuniquestring
Payment request to app_name_foo for brand: B2, app_id: A4, some param: blah, another param: blahblahblah, payment method: GPAY, last param: someuniquestring

I am trying to get a table something like below:

BRAND | CREDITCARD | DIRECTDEBIT | GPAY

What I have tried so far:

index = app_name_foo sourcetype = app "Payment request to app_name_foo for brand" | chart count over brand by "payment method"

index = app_name_foo sourcetype = app "Payment request to app_name_foo for brand" | chart count(eval(method=CREDITCARD)) AS CREDITCARD count(eval(method=DIRECTDEBIT)) AS DIRECTDEBIT count(eval(method=GPAY)) AS GPAY by brand

The queries above (and a few more queries which I found on the internet) don't produce any result. Unfortunately Splunk doesn't seem to recognize payment method or method. If I replace method or payment method with app_id then I get some result.

I would like to find the first and last event per day over a given time range. So far I have figured out how to find just the first and last event for a given time range, but if the time range is 5 days I'll get the earliest event for the first day and the last event on the last day. I'm just using the time field to sort the date.

Two runs (one Windows and one Linux). The Windows run has 0 errors (none found in query 2); Linux has 6 errors (found in query 2). This should result in the following results: Platform Amount Linux 1. I need to find some way to return true or maybe one from query 2 and use that in query 1 to group the results, but I am unable to due to lack of.

What is the Transaction command in Splunk? The transaction command allows Splunk users to locate events that match certain criteria.

join JSESSIONID usetime=true earlier=false search index=main sourcetype=log4j transaction

It is used to return events from the website access log. Events with the same JSESSIONID will be grouped together into a single event. An additional field named eventcount is created. An additional field named duration is created. An additional field named maxspan is created. The transactions are then piped into the concurrency command, which counts the number of events that occurred at the same time based on the timestamp and duration of the transaction.

To do it, you have to do a transaction following the next model:

search | transaction <common value between events> startswith='key=value of a parameter of the first event' endswith='key=value of a parameter of the second event'

Example: with this example, we want to check the duration between the log L1 and the log L4.