SlideShare a Scribd company logo

Splunk Search

Download as PPTX, PDF
Eashwar Raghunathan
Eashwar Raghunathan

Real time examples of splunk search language.

Technology
1 of 9
Splunk Search Real time examples www.about.me/eashwar
error OR failed OR severe OR ( sourcetype=access_* ( 404 OR 500 OR 503 ) ) | timechart count | sort -count When (date and time ) the occurred. Sorted in descending order, so that we can find the time when more number of errors occurred Area chart
source="access_*" | transaction referer | chart count(eval(uri)) AS uri by referer | sort -uri Refere is the parent url. Transaction is a command to group a equal field/value pairs. Grouping referer Above is a part of the PIE diagram of this search result(focused to one month). The referrer has contributed 8 URI visits .
sourcetype=access_* | chart avg(bytes) by _time | sort -_time
sourcetype=access_* | chart avg(bytes) over _time by status OVER is a new key word i am using. When I user it I get the results in x, and y axis . The results can be differentiated by different Status.
sourcetype=access* | chart max(bytes) AS Transfer over clientip by action If feel more data, and we need little add | head 20 after access* . This will act as a filter function
sourcetype="access_*" | contingency clientip category_id | sort -total

Recommended

Applications of Stack in DSA
Applications of Stack in DSAApplications of Stack in DSA
Applications of Stack in DSA
Aftab Mirza
 
Firebird: cost-based optimization and statistics, by Dmitry Yemanov (in English)
Firebird: cost-based optimization and statistics, by Dmitry Yemanov (in English)Firebird: cost-based optimization and statistics, by Dmitry Yemanov (in English)
Firebird: cost-based optimization and statistics, by Dmitry Yemanov (in English)
Alexey Kovyazin
 
Understandung Firebird optimizer, by Dmitry Yemanov (in English)
Understandung Firebird optimizer, by Dmitry Yemanov (in English)Understandung Firebird optimizer, by Dmitry Yemanov (in English)
Understandung Firebird optimizer, by Dmitry Yemanov (in English)
Alexey Kovyazin
 
Time_Series_Assignment
Time_Series_AssignmentTime_Series_Assignment
Time_Series_Assignment
KOUSHIK RAKSHIT
 
Ecm time series forecast
Ecm time series forecastEcm time series forecast
Ecm time series forecast
Ayapparaj SKS
 
Computational Finance with Map-Reduce in Scala
Computational Finance with Map-Reduce in Scala Computational Finance with Map-Reduce in Scala
Computational Finance with Map-Reduce in Scala
feng1212
 
Graphs
GraphsGraphs
Graphs
SaijalBakhtyapuri
 
Optimizing spatial database
Optimizing spatial databaseOptimizing spatial database
Optimizing spatial database
Ishraq Al Fataftah
 

Recommended

Applications of Stack in DSA
Applications of Stack in DSAApplications of Stack in DSA
Applications of Stack in DSA
Aftab Mirza
 
Firebird: cost-based optimization and statistics, by Dmitry Yemanov (in English)
Firebird: cost-based optimization and statistics, by Dmitry Yemanov (in English)Firebird: cost-based optimization and statistics, by Dmitry Yemanov (in English)
Firebird: cost-based optimization and statistics, by Dmitry Yemanov (in English)
Alexey Kovyazin
 
Understandung Firebird optimizer, by Dmitry Yemanov (in English)
Understandung Firebird optimizer, by Dmitry Yemanov (in English)Understandung Firebird optimizer, by Dmitry Yemanov (in English)
Understandung Firebird optimizer, by Dmitry Yemanov (in English)
Alexey Kovyazin
 
Time_Series_Assignment
Time_Series_AssignmentTime_Series_Assignment
Time_Series_Assignment
KOUSHIK RAKSHIT
 
Ecm time series forecast
Ecm time series forecastEcm time series forecast
Ecm time series forecast
Ayapparaj SKS
 
Computational Finance with Map-Reduce in Scala
Computational Finance with Map-Reduce in Scala Computational Finance with Map-Reduce in Scala
Computational Finance with Map-Reduce in Scala
feng1212
 
Graphs
GraphsGraphs
Graphs
SaijalBakhtyapuri
 
Optimizing spatial database
Optimizing spatial databaseOptimizing spatial database
Optimizing spatial database
Ishraq Al Fataftah
 
Geolectioxydata
GeolectioxydataGeolectioxydata
Geolectioxydata
dave west
 
Sales Data Forecasting for Airline
Sales Data Forecasting for AirlineSales Data Forecasting for Airline
Sales Data Forecasting for Airline
Anurag Shandilya
 
Graphs
GraphsGraphs
Graphs
Khun Khru
 
ITFT - Quality control tools
ITFT - Quality control toolsITFT - Quality control tools
ITFT - Quality control tools
mmaninderkkaur
 
Graph-Powered Machine Learning
Graph-Powered Machine Learning Graph-Powered Machine Learning
Graph-Powered Machine Learning
GraphAware
 
Lesson13
Lesson13Lesson13
Lesson13
GeorgeLasluisa
 
03 sajjad ali -qgis working with raster
03 sajjad ali -qgis working with raster03 sajjad ali -qgis working with raster
03 sajjad ali -qgis working with raster
TOUSEEF3347
 
Data handling
Data handlingData handling
Data handling
Rayna2002
 
spatial interoplation in GIS
spatial interoplation in GISspatial interoplation in GIS
spatial interoplation in GIS
GopalKharka
 
What's new in Calc and Chart
What's new in Calc and ChartWhat's new in Calc and Chart
What's new in Calc and Chart
Alexandro Colorado
 
Horizontal-to-Vertical Spectral Ratio Seismic Method
Horizontal-to-Vertical Spectral Ratio Seismic Method Horizontal-to-Vertical Spectral Ratio Seismic Method
Horizontal-to-Vertical Spectral Ratio Seismic Method
Ali Osman Öncel
 
Beta factor analysis
Beta factor analysisBeta factor analysis
Beta factor analysis
Mohomed Hisham Shariff
 
Portland oregon riders monthly data Using R
Portland oregon riders monthly data Using RPortland oregon riders monthly data Using R
Portland oregon riders monthly data Using R
Meghna Baid
 
Spread sheetanalysis
Spread sheetanalysisSpread sheetanalysis
Spread sheetanalysis
Dr. N. Asokan
 
2016 - IGNITE - Terraform to go from Zero to Prod in less than 1 month and TH...
2016 - IGNITE - Terraform to go from Zero to Prod in less than 1 month and TH...2016 - IGNITE - Terraform to go from Zero to Prod in less than 1 month and TH...
2016 - IGNITE - Terraform to go from Zero to Prod in less than 1 month and TH...
devopsdaysaustin
 
Group functions
Group functionsGroup functions
Group functions
sehrishishaq1
 
9-Figures in LaTex
9-Figures in LaTex9-Figures in LaTex
9-Figures in LaTex
SaritaBopalkar
 
Chance and data
Chance and dataChance and data
Chance and data
s0157946
 
Aggregate fact tables
Aggregate fact tablesAggregate fact tables
Aggregate fact tables
Siddique Ibrahim
 
Report design
Report designReport design
Report design
SeanDukes2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
 

More Related Content

What's hot

ITFT - Quality control tools
ITFT - Quality control toolsITFT - Quality control tools
ITFT - Quality control tools
mmaninderkkaur
 
Graph-Powered Machine Learning
Graph-Powered Machine Learning Graph-Powered Machine Learning
Graph-Powered Machine Learning
GraphAware
 
Horizontal-to-Vertical Spectral Ratio Seismic Method
Horizontal-to-Vertical Spectral Ratio Seismic Method Horizontal-to-Vertical Spectral Ratio Seismic Method
Horizontal-to-Vertical Spectral Ratio Seismic Method
Ali Osman Öncel
 

What's hot (20)

Geolectioxydata
GeolectioxydataGeolectioxydata
Geolectioxydata
 
Sales Data Forecasting for Airline
Sales Data Forecasting for AirlineSales Data Forecasting for Airline
Sales Data Forecasting for Airline
 
Graphs
GraphsGraphs
Graphs
 
ITFT - Quality control tools
ITFT - Quality control toolsITFT - Quality control tools
ITFT - Quality control tools
 
Graph-Powered Machine Learning
Graph-Powered Machine Learning Graph-Powered Machine Learning
Graph-Powered Machine Learning
 
Lesson13
Lesson13Lesson13
Lesson13
 
03 sajjad ali -qgis working with raster
03 sajjad ali -qgis working with raster03 sajjad ali -qgis working with raster
03 sajjad ali -qgis working with raster
 
Data handling
Data handlingData handling
Data handling
 
spatial interoplation in GIS
spatial interoplation in GISspatial interoplation in GIS
spatial interoplation in GIS
 
What's new in Calc and Chart
What's new in Calc and ChartWhat's new in Calc and Chart
What's new in Calc and Chart
 
Horizontal-to-Vertical Spectral Ratio Seismic Method
Horizontal-to-Vertical Spectral Ratio Seismic Method Horizontal-to-Vertical Spectral Ratio Seismic Method
Horizontal-to-Vertical Spectral Ratio Seismic Method
 
Beta factor analysis
Beta factor analysisBeta factor analysis
Beta factor analysis
 
Portland oregon riders monthly data Using R
Portland oregon riders monthly data Using RPortland oregon riders monthly data Using R
Portland oregon riders monthly data Using R
 
Spread sheetanalysis
Spread sheetanalysisSpread sheetanalysis
Spread sheetanalysis
 
2016 - IGNITE - Terraform to go from Zero to Prod in less than 1 month and TH...
2016 - IGNITE - Terraform to go from Zero to Prod in less than 1 month and TH...2016 - IGNITE - Terraform to go from Zero to Prod in less than 1 month and TH...
2016 - IGNITE - Terraform to go from Zero to Prod in less than 1 month and TH...
 
Group functions
Group functionsGroup functions
Group functions
 
9-Figures in LaTex
9-Figures in LaTex9-Figures in LaTex
9-Figures in LaTex
 
Chance and data
Chance and dataChance and data
Chance and data
 
Aggregate fact tables
Aggregate fact tablesAggregate fact tables
Aggregate fact tables
 
Report design
Report designReport design
Report design
 

Recently uploaded

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Recently uploaded (20)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 

Splunk Search

  • 1. Splunk Search Real time examples www.about.me/eashwar
  • 2. error OR failed OR severe OR ( sourcetype=access_* ( 404 OR 500 OR 503 ) ) | timechart count | sort -count When (date and time ) the occurred. Sorted in descending order, so that we can find the time when more number of errors occurred Area chart
  • 3. source="access_*" | transaction referer | chart count(eval(uri)) AS uri by referer | sort -uri Refere is the parent url. Transaction is a command to group a equal field/value pairs. Grouping referer Above is a part of the PIE diagram of this search result(focused to one month). The referrer has contributed 8 URI visits .
  • 4.
  • 5. sourcetype=access_* | chart avg(bytes) by _time | sort -_time
  • 6.
  • 7. sourcetype=access_* | chart avg(bytes) over _time by status OVER is a new key word i am using. When I user it I get the results in x, and y axis . The results can be differentiated by different Status.
  • 8. sourcetype=access* | chart max(bytes) AS Transfer over clientip by action If feel more data, and we need little add | head 20 after access* . This will act as a filter function
  • 9. sourcetype="access_*" | contingency clientip category_id | sort -total