Splunk cookbook

Category: /knowledge /linux
Tags: splunk
  1. search index and sourcetype: index=your_app sourcetype=your_metrics

  2. include traceid events: index=your_app sourcetype=your_metrics TRACE_ID=”"

  3. expand search to 60 minutes and events where response time is greater than 5ms: earliest=-60m latest=now EXE_TIME>5

  4. find count(volume), average, minimum, maximum, and standard deviation: earliest=-60m latest=now EXE_TIME>5 | stats counts as volume, avg(EXE_TIME), min(EXE_TIME) as minimum, max(EXE_TIME) as maximum, stdev(EXE_TIME) as stddev

  5. group by operation: index=your_app sourcetype=your_metrics TRACE_ID=”" earliest=-60m latest=now EXE_TIME>5 | stats counts as volume, avg(EXE_TIME), min(EXE_TIME) as minimum, max(EXE_TIME) as maximum, stdev(EXE_TIME) as stddev by OPERATION

讨论

提示

  • 如果看不到讨论部分, 请暂时关掉adblock in Firefox/Chrome
  • 本网站使用Javascript实现评论功能, 此处外链对提高您的网站PR没有帮助. (潜台词: 请不要灌水, 谢谢)