Re: Need help creating a dashboard showing log val...

abhi4 · ‎10-06-2017

create dashboard where it can show the per day logs ingestion corresponding to it's relevant environment which shows the count of logs per day into it's related environment but i am facing issues while creating dashboard..please help ..thanks in advance.

gcusello · ‎10-06-2017

Hi abhi4,
did you tried to run a simple search as

index=* | timechart span=1d count by index

?
Bye.
Giuseppe

Richfez · ‎10-06-2017

What actual problem are you having? What have you done so far?

Thanks,
-Rich

abhi4 · ‎10-06-2017

Thanks for your reply, i tried with query..
index=*index_name host=hostname| eval application = replace(sourcetype, "_log", "") |
eval length = len (domain_name) |
eval env= ( if(len(domain_name)==11, substr(domain_name,4,4), if(len(domain_name)==12,substr(domain_name,5,4), "undefined"))) |
dedup application env , domain_name | timechart span=1d count(application) by env

It showing me the count of each day but not getting in environment wise..like test 1, test2 test3 ..!

Need help creating a dashboard showing log validation in each environment from different indexes

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?