Hi Sandip, I have a question regarding the chart command. I am trying to execute a Splunk search command that shows both the count and the percentage of the count in one chart command. Here is an example of a Splunk command that currently only shows the count and the total count:
source="xyz" http_status_code | chart count by path_template, http_status_code | addtotals col=t
This command shows each count of the http_status_code (y axis) and the path_template (x axis), and shows the total of the counts of all the http_status_code. Now I need to add the percentage (count/total) of each count when I know the number of counts, e.g. 40 (5%) or something like that. How would I do that using chart? Thanks!
Excellent coverage & explanation. Please carry on doing these!
Hi Balaji Garu...
I am learning Splunk and searching for jobs ...
Your videos are helpful to me
Thank you
Super Balaji, thank you, the picture is clear now 😉 Need more videos on Splunk SPL, please make them ✌🏾👏
Thank you Ankit. I'll make more videos.
Informative enough for me to remember the concept. Thanks for making this video.
Nice explanation
Good video bro
Using stats max(count) by user would yield the same result, right?
Can you advise how to calculate whether it is less than 20% of the avg count, so that I get an alert?
The rename command will impact the performance of the search. Better to avoid it unless it's absolutely required.
Hello Sir,
I tried using max() to find the latest error in application logs:
|stats count, max(_time) by error
I get values like 1631484056.103, 1631501959.541
Thus, I need your help to interpret the results and translate them to a readable format.
| eval Time=strftime(_time, "%Y-%d-%m %H:%M") | table _time Time
Or you can just use
| convert ctime(_time) as Time | table _time Time