Splunk query joining 2 data tables
1 database – columns a, b, c
2 database – columns d, e, f.
Splunk search with wildcard in field name
I need to see all events with fields that have “PROD*” in name, e.g. “PROD deploy”, “PROD update”, etc.
index=myIndex sourcetype=mySourceType "PROD*"="*"
doesn’t work
...and if an event has “PROD*” in a field name I need to get the value.
How is it possible?
Splunk – how to create a splunk search and alert with these conditions below to send emails?
These are the criteria that we have:
Splunk Logs for Faster Queries, with Category Boolean true
We are writing Log Statements in Java, and reviewing the info and exception alerts.
The team is then conducting a Splunk Search count of log statements by Category.
splunk results per day and overall
I have a splunk query that gives me the average, max and percentile 95 per day of a field. I would like to add one more row on the results with the overall values.
i.e.
timechart span=1d avg(field), max(field), exactperc95(field)
Querying count of specific events in splunk
My application’s log is accessible through Splunk, and some code in my application responds to specific webhook events from Kubernetes, for example validate and mutate.
I want to know the number of validate and mutate requests executed in a specific time frame. For example, in the last hour, the total count of mutate is 100 and validate is 110.
How do I get this from the Splunk log (which has its own web interface)? I am totally new to Splunk and can only perform some pattern searches etc.