Dashboards & Visualizations

How to create a sparkline in Splunk 6.0.5 that counts the amount of daily errors in Splunk?

markthompson
Builder

Hello,
I'm trying to create a sparkline that counts the amount of errors on a daily basis, using the keyword "Error", and then putting that onto a sparkline.

Please can you provide assistance.

index=my_index host=my_host "Error" | chart count sparkline(count, 1h) as trend by host | sort -count

Thanks

Tags (2)
1 Solution

fdi01
Motivator
index=my_index host=my_host "Error" | chart count sparkline(count, 1h) as trend by host | sort -count  

This command is correct but does not do the work that you request, because it counts the number of events in which we find the word "Error" at least once; but its not giving any error such as errors of access with code "status = 404".
so if you have a field "status" gives error codes that the na tu precisser like this:

index=my_index host=my_host  (status=4* OR status=5*)| chart count sparkline(count, 1h) as trend by host | sort -count  

or

index=my_index host=my_host  (status=4* OR status=5* OR field_name="ERROR") | chart count sparkline(count, 1h) as trend by host | sort -count

View solution in original post

fdi01
Motivator
index=my_index host=my_host "Error" | chart count sparkline(count, 1h) as trend by host | sort -count  

This command is correct but does not do the work that you request, because it counts the number of events in which we find the word "Error" at least once; but its not giving any error such as errors of access with code "status = 404".
so if you have a field "status" gives error codes that the na tu precisser like this:

index=my_index host=my_host  (status=4* OR status=5*)| chart count sparkline(count, 1h) as trend by host | sort -count  

or

index=my_index host=my_host  (status=4* OR status=5* OR field_name="ERROR") | chart count sparkline(count, 1h) as trend by host | sort -count
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...