Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Three different search on single chart
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ChhayaV
Communicator
06-21-2013
06:40 AM
Hi,
I've three different types of logs.
Sharepoint:
04/14/2013 23:51:56.49 wsstracing.exe (0x0B14) 0x1874 SharePoint Foundation Unified Logging Service b9wt High Log retention limit reached. Log file 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS\LNTVANEBPSP-20130404-2321.log' has been deleted.
04/14/2013 23:51:56.49 wsstracing.exe (0x0B14) 0x1874 SharePoint Foundation Tracing Controller Service 8096 Information Usage log retention limit reached. Some old usage log files have been deleted.
Event logs :
04/30/2013 04:38:43 PM
LogName=Application
SourceName=MSCRMTracing
EventCode=17203
EventType=2
Type=Error
ComputerName=LnTVanEBPCRM.LnTVan.com
TaskCategory=None
OpCode=None
RecordNumber=24797628
Keywords=Classic
Message=Splunk could not get the description for this event. Either the component that raises this event is not installed on your local computer or the installation is corrupt.
database log :
2013-04-05 19:29:17.25 spid31s Starting up database 'msdb'.
2013-04-05 19:29:17.25 spid32s Starting up database 'ReportServer'.
2013-04-05 19:29:19.47 Logon Error: 17187, Severity: 16, State: 1.
2013-04-05 19:29:19.47 Logon SQL Server is not ready to accept new client connections. Wait a few minutes before trying again. If you have access to the error log, look for the informational message that indicates that SQL Server is ready before trying to connect again. [CLIENT: 192.168.33.61]
2013-04-05 19:29:19.47 Logon Error: 17187, Severity: 16, State: 1.
2013-04-05 19:29:19.47 Logon SQL Server is not ready to accept new client connections. Wait a few minutes before trying again. If you have access to the error log, look for the informational message that indicates that SQL Server is ready before trying to connect again. [CLIENT: 192.168.33.61]
2013-04-05 19:29:22.21 Logon Error: 17187, Severity: 16, State: 1.
Currently I've done some searches in these 3 and shown charts in 3 different dashboards.
Now the question is, can we show the result of all these different searches in a single chart?
For example
single chart showing errors in sharepoint logs, database logs, event logs.?
Is this possible to do?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lguinn2
Legend
06-21-2013
03:29 PM
Yes, it can be done in a single chart:
(sourcetype=sharepoint "error") OR (sourcetype=database "error") OR (sourcetype=eventlog "error")
| stats count by sourcetype
or
(sourcetype=sharepoint "error") OR (sourcetype=database "error") OR (sourcetype=eventlog "error")
| timechart count by sourcetype
Note that I have combined three very simple searches, but you can substitute your actual three searches into the command instead. If this isn't helpful, perhaps you can share the three searches that you are using now.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lguinn2
Legend
06-21-2013
03:29 PM
Yes, it can be done in a single chart:
(sourcetype=sharepoint "error") OR (sourcetype=database "error") OR (sourcetype=eventlog "error")
| stats count by sourcetype
or
(sourcetype=sharepoint "error") OR (sourcetype=database "error") OR (sourcetype=eventlog "error")
| timechart count by sourcetype
Note that I have combined three very simple searches, but you can substitute your actual three searches into the command instead. If this isn't helpful, perhaps you can share the three searches that you are using now.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ChhayaV
Communicator
06-23-2013
10:34 PM
Thanks a lot. It worked :).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
linu1988
Champion
06-21-2013
06:52 AM
Do you want them it to be in single panel / single dashboard page?
Get Updates on the Splunk Community!
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
The Transformative Power of AI and ML in Enhancing Observability
In the realm of IT operations, the ...
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
