Splunk Search

How to search top 10 error codes in an environment?

ss78246
New Member

Hi.

I am new to Splunk and was looking for a search which can give me the list of the top 10 error codes occurring in an environment. Could anyone suggest on this?

I think I have to use stats and top commands, but not sure on how to list top 10 error codes.

Regards.

Tags (3)
0 Karma

sundareshr
Legend

Assuming you have the err_cd field extracted, you just need to top command. Try something like this

your base search here | top err_cd | fields - count

This will give you top 10 err_cd, count and percent. The fields - count command will remove the count field from display.

http://docs.splunk.com/Documentation/Splunk/6.4.1/SearchReference/Top

0 Karma

ss78246
New Member

HI Sundaresh.

Thanks for the update.
I am searching for error codes from log files in an environment.
How could I separate out only error code from the logs .
I mean error codes can be like err20 or err31 , just an example.

And also could you suggest on how I can use error code as field in top command.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...