Sourcetype=”mint:network” statusCode=*| stats count(eval(match(failed,”False”))) AS Successes, count(eval(match(failed,”True”))) AS Failures BY carrier| addcoltotals labelfield=”Total Failures” Adding the qualifier “labelfield=” will accomplish this: These search results total the Successful and Failures of sales transactions per carrier. There is also an option to create a label for the totals. Sourcetype=”mint:network” statusCode=*| stats count(eval(match(failed,”False”))) AS Successes, count(eval(match(failed,”True”))) AS Failures BY carrier| addcoltotals ![]() With searches with more than one numerical column, addcoltotals will add both. In this search: Now someone who uses this report will recognize the total number of failures that customers are experiencing over all cellular carriers. Sourcetype=”mint:network” statusCode>200 failed=true | stats count AS Failures BY carrier | addcoltotals You can see that there are values associated with the report. By adding | addcoltotals at the end of the command, the total number of failures is easily recognized. Sourcetype=”mint:network” statusCode>200 failed=true | stats count AS Failures BY carrier How to Use the Splunk addcoltotals CommandĪs previously mentioned, this command organizes numeric data and is simplistic in its use.Ĭonsider the following search that will track transaction failures by cellular carrier:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |