8/6/2023 0 Comments Splunk stats vs eventstats![]() ![]() I have been reading the Splunk docs on stats and eventstats and so far not come up with an answer on my own. | table date exceptionCount dailyEventCountĮither of the two stats commands above works independently and populates the respective columns of the final table, but the two together fail, and give me any empty table with no data. | eval exceptionPct=round(exceptionCount/dailyEventCount*100,2) | stats count as exceptionCount by date exception Like(exception, "Disconnected from node%"), Like(exception, "%has passed since batch creation"), ![]() Like(exception,"%which is larger than%"), | eval exception=case( isnull(exception), I can get either count fairly easily but I am struggling to get both counts so that I can calculate the required percentage. Please share your feedback/queries in the comments section below.My mandate is to calculate the percent of one class of exceptions as a function of all events. We will soon be adding more Q&A in the next post in this series. So, if there’s any seek pointer or CRC that has been already read, splunkd will point it out. The Splunk Indexer keeps track of all the indexed events in a directory – the Fishbuckets directory that contains seek pointers and CRCs for all the files being indexed presently.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |