This gives us a breakdown of errors by user. Next, let's add a breakdown by logger.
sourcetype="impl_splunk_gen" loglevel=error | stats count by logger
This query produces the following chart:
With this breakdown, we can see that the main producer of errors is the logger BarClass.
Let's learn another command, bucket. The bucket command is used to group sets of numeric values and has special capabilities with the _time field. This example will group the values of the field req_time in up to 10 evenly distributed bins. bucket has some other cool tricks we will use later. The following query will group req_time:
sourcetype="impl_splunk_gen" loglevel=error
| bucket bins=10 req_time | stats count by req_time
The results produce the following pie chart:
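To make concrete what the two searches on this page compute (the per-logger count from "stats count by logger", and the "bucket bins=10 req_time" grouping), here is an added Python example that reproduces both aggregations over a handful of constructed error events. It is not code from the book or from Splunk: the event dictionaries, the field values, and the helper names search, stats_count_by, nice_span and bucket are all assumptions made for this example. Splunk chooses rounded bin widths for bucket; the nice_span helper approximates that with 1/2/5 x 10^k widths and should not be read as Splunk's exact algorithm.

```python
"""Added example (not from the book): emulate, in plain Python, what the
two Splunk searches on this page compute.

Assumptions (not stated on the page):
- events are dicts with the fields loglevel, user, logger, req_time;
- bucket bins=N is approximated with 1/2/5 x 10^k bin widths chosen so
  that at most N bins are produced; Splunk's real edges may differ.
"""
from collections import Counter
import math

# Constructed sample events, standing in for sourcetype="impl_splunk_gen".
EVENTS = [
    {"loglevel": "error", "user": "mary",  "logger": "BarClass",  "req_time": 1234},
    {"loglevel": "error", "user": "bob",   "logger": "BarClass",  "req_time": 1310},
    {"loglevel": "error", "user": "mary",  "logger": "FooClass",  "req_time": 120},
    {"loglevel": "error", "user": "jacky", "logger": "BarClass",  "req_time": 4999},
    {"loglevel": "error", "user": "bob",   "logger": "AuthClass", "req_time": 2222},
    {"loglevel": "error", "user": "mary",  "logger": "BarClass",  "req_time": 807},
    {"loglevel": "info",  "user": "mary",  "logger": "FooClass",  "req_time": 300},
    {"loglevel": "warn",  "user": "bob",   "logger": "BarClass",  "req_time": 900},
    {"loglevel": "error", "user": "jacky", "logger": "FooClass",  "req_time": 4010},
]


def search(events, loglevel="error"):
    """Equivalent of the search clause: loglevel=error."""
    return [e for e in events if e.get("loglevel") == loglevel]


def stats_count_by(events, field):
    """Equivalent of: | stats count by <field>  (events lacking the field are dropped)."""
    return dict(Counter(e[field] for e in events if field in e))


def nice_span(lo, hi, bins):
    """Smallest 1/2/5 x 10^k width that covers [lo, hi] in at most `bins`
    aligned bins (assumption: approximates Splunk's rounded bin widths)."""
    exp = math.floor(math.log10((hi - lo) / bins)) if hi > lo else 0
    while True:
        for mult in (1, 2, 5):
            span = mult * 10 ** exp
            if math.floor(hi / span) - math.floor(lo / span) + 1 <= bins:
                return span
        exp += 1  # widths at this decade are all too narrow; try the next


def bucket(events, field, bins=10):
    """Approximation of: | bucket bins=<bins> <field>
    Each numeric value is replaced by a "low-high" range label."""
    values = [e[field] for e in events if field in e]
    if not values:
        return list(events)
    span = nice_span(min(values), max(values), bins)
    out = []
    for e in events:
        if field not in e:
            out.append(e)
            continue
        low = math.floor(e[field] / span) * span
        out.append({**e, field: f"{low}-{low + span}"})
    return out


if __name__ == "__main__":
    errors = search(EVENTS)
    # sourcetype="impl_splunk_gen" loglevel=error | stats count by logger
    for logger, n in sorted(stats_count_by(errors, "logger").items(), key=lambda kv: -kv[1]):
        print(f"{logger:10s} {n}")
    # ... | bucket bins=10 req_time | stats count by req_time
    for rng, n in sorted(stats_count_by(bucket(errors, "req_time"), "req_time").items()):
        print(f"{rng:12s} {n}")
```

Running the script lists BarClass as the top error producer, as the chart on this page does, and groups the seven error events' req_time values into 500-wide bins, since that is the smallest rounded width that fits the 120 to 4999 range into ten bins.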