Using Streamstats to group the results happening w...

Splunk Search

Hi Experts,

I have a query which finds total number of non 200 responses and total responses based on the web access.logs by api and application location.

Now i need to group/club/count all the non 200 requests as 1 which happen within 10 seconds(for a location, api, application) as they are the results of the same problem.

index=web api=www.something.com | stats count as TOTAL count(eval(sc_status!=200)) as TOTAL_NON_200 count(eval(sc_status=404)) as TOTAL_404 by api location application

I saw on other answers that i can group using streamstats , not sure how that would fit in my case. Can i get some help ?

Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...