Splunk Search
Real time examples

www.about.me/eashwar

error OR failed OR severe OR ( sourcetype=access_* ( 404 OR 500 OR 503 ) )
| timechart count | sort -count

When (date and time) the errors occurred.

Sorted in descending order, so that we can find the time when the largest number of errors occurred.

(Area chart)

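What the first search computes, as an added Python sketch that is not part of the original slides. The sample events, the one-hour span and the alphanumeric tokeniser are assumptions made for the illustration; the fourth event shows that a bare 404 term also matches a response whose byte count is 404.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

KEYWORDS = {"error", "failed", "severe"}
STATUS_TERMS = {"404", "500", "503"}
SPAN = timedelta(hours=1)  # assumption: the chart uses one-hour buckets

# Constructed sample events: (sourcetype, _time, _raw)
EVENTS = [
    ("access_combined", "2024-03-01 10:05:11", '10.0.0.5 "GET /cart HTTP/1.1" 200 1532'),
    ("access_combined", "2024-03-01 10:17:40", '10.0.0.7 "GET /old HTTP/1.1" 404 310'),
    ("access_combined", "2024-03-01 11:02:03", '10.0.0.7 "POST /buy HTTP/1.1" 503 120'),
    ("access_combined", "2024-03-01 11:09:59", '10.0.0.9 "GET /img.png HTTP/1.1" 200 404'),
    ("secure", "2024-03-01 11:30:00", "sshd[411]: Failed password for root from 10.0.0.9"),
    ("app_log", "2024-03-01 13:45:12", "payment-svc SEVERE: db pool exhausted"),
    ("app_log", "2024-03-01 13:50:00", "payment-svc INFO: retry ok"),
]

def matches(sourcetype, raw):
    """error OR failed OR severe OR (sourcetype=access_* (404 OR 500 OR 503))."""
    # Bare terms are matched case-insensitively anywhere in the raw event,
    # approximated here by splitting the text on non-alphanumeric characters.
    terms = {t.lower() for t in re.findall(r"[A-Za-z0-9]+", raw)}
    if terms & KEYWORDS:
        return True
    return sourcetype.startswith("access_") and bool(terms & STATUS_TERMS)

def timechart_count_sorted(events, span=SPAN):
    """| timechart count | sort -count, returned as (bucket, count) rows."""
    counts = Counter()
    for sourcetype, ts, raw in events:
        if matches(sourcetype, raw):
            t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
            bucket = datetime.min + ((t - datetime.min) // span) * span
            counts[bucket] += 1
    if not counts:
        return []
    # Emit every bucket between the first and last hit, including empty ones.
    b, rows = min(counts), []
    while b <= max(counts):
        rows.append((b.strftime("%Y-%m-%d %H:%M"), counts.get(b, 0)))
        b += span
    return sorted(rows, key=lambda r: -r[1])
```

Filtering on the extracted status field that the later searches use (for example status=404) instead of a bare term keeps the byte-count match out of the error count.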
source="access_*" | transaction referer | chart count(eval(uri)) AS uri by referer | sort -uri

Referer is the parent URL.
transaction is a command that groups events with equal field/value pairs. Here it groups by referer.

Above is part of the pie chart of this search result (focused on one month).

The referrer has contributed 8 URI visits.

sourcetype=access_* | chart avg(bytes) by _time | sort -_time
sourcetype=access_* | chart avg(bytes) over _time by status


OVER is a new keyword I am using.
When I use it I get the results on the x and y axes. The results can be differentiated by the different statuses.

sourcetype=access* | chart max(bytes) AS Transfer over clientip by action

If there is too much data and we need only a little, add | head 20 after access*. This will act as a filter function.

sourcetype="access_*" | contingency clientip category_id | sort -total
