Splunk - Mastering SPL (Grouping and correlating)

Показать описание

Splunk - Mastering SPL (Grouping and correlating) commands

SPL :

Transaction
index=main sourcetype="access_combined_wcookie"
| transaction JSESSIONID
| stats max(duration)

index=main sourcetype="access_combined_wcookie"
| transaction JSESSIONID clientip startswith="action=view" endswith="action=purchase"

Subsearch
index=main sourcetype="access_combined_wcookie"
[ search index=main sourcetype="access_combined_wcookie"
| stats count by productId
| sort 1 count
| fields productId]

Append
No of purchases for 2 days and for ALL TIME
index=main sourcetype="access_combined_wcookie" action=purchase earliest=-60d latest=-59d
| top limit=2 productId showperc=f
| eval timeperiod="Just for 2 Days"
| append
[ search index=main sourcetype=access_combined_wcookie action=purchase earliest=1 latest=now
| top limit=2 productId showperc=f
| eval timeperiod="All time"]

Append
(No of 500 http Errors on two consecutive days)
index=main sourcetype="access_combined_wcookie" status=5* earliest=-60d latest=-59d
| stats count as "Day 1 Errors" by status
| append
[ search index=main sourcetype=access_combined_wcookie status=5* earliest=-59d latest=-58d
| stats count as "Day 2 Errors" by status]

Appendcols
(No of 500 http Errors on two consecutive days)
index=main sourcetype="access_combined_wcookie" status=5* earliest=-60d latest=-59d
| stats count as "Day 1 Errors" by status
| appendcols
[ search index=main sourcetype=access_combined_wcookie status=5* earliest=-59d latest=-58d
| stats count as "Day 2 Errors" by status]

Appendpipe
Include the grand TOTALS for categories
index=main sourcetype="access_combined_wcookie" categoryId IN (arcade, sports, tee)
| stats count by categoryId productId
| appendpipe
[stats sum(count) as count by categoryId
| eval productId="TOTAL of ALL Products"]
| sort categoryId

Рекомендации по теме

Комментарии

The super practical and hands-on way of your teaching is amazing!
I hope you will continuously provide these invaluable contents about Splunk.

rotrose

Very good delivery
I am waiting for next vidoes

techworld

Splunk - Mastering SPL (Grouping and correlating)

Splunk - Mastering SPL (Grouping and correlating)

Splunk - Mastering SPL ( Most common Use Cases for operations) #splunk #splunkuser #splunkpoweruser

Splunk - Mastering SPL (4) Less Used BUT Impactful Commands

Splunk - Mastering SPL (Transforming and Streaming commands)

Advance Splunk Query | Mastering Splunk: A Comprehensive Guide | PenTest

Splunk Tutorial | Subsearch Using Results from Two Indexes #FADS

How to group events in Splunk (Transaction Command)

Regular Expressions in Splunk | Splunk Fields | Splunk Field Extractions

SPLendid uses for SPL in SPLunk

Splunk Creating Workflow Actions

How to group event counts by hour or time in splunk | splunk scenarios tutorial

Basic Searching in Splunk Enterprise

Splunk rex101 - part 19 - rex vs regex

Splunk Multisearch Command

Splunk Commands : How 'transaction' command works

Mastering SVC with Splunk App for Chargeback: App Walkthrough (Part 1)

Splunk - How to set up FortiGate Active Response on Splunk Core

SPLUNK Tutorial 6

SPLUNK : Total SPL Overview | What is SPL | How do you execute SPL command query | In Telugu

Splunk Commands | Splunk stats | Splunk eventstats

Splunk Commands: 'rex' vs 'regex' vs 'erex' command detailed explanati...

Splunk Search Modes

Practical #Splunk - Zero to Hero #cybersecnerd

Using Splunk search commands: transaction, append and appendcols