Skip to content

Instantly share code, notes, and snippets.

@henriquelemos0

henriquelemos0/SplunkCommands.md

Last active January 6, 2020 12:04
Show Gist options
  • Save henriquelemos0/2610436fc47a4fd3518d988278a7888e to your computer and use it in GitHub Desktop.
Save henriquelemos0/2610436fc47a4fd3518d988278a7888e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
SplunkCommands.md

Splunk Commands

Timechart

Count two fields and show ratio

index="abc" 
mycontroller MethodName=name1 OR MethodName=name2 
| timechart count(eval(MethodName="name1")) as method1count count(eval(MethodName="name2")) as method2count span=1h 
| eval ratio=((method1count/method2count)*10000)

Count the concat of two fields

index="abc" 
mycontroller#methodname 
| eval finalField=(field1.":".field2)
| timechart count by finalField
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment