使用 splunk 查询每小时获取上述事件的计数
Get the count of above occurrences on an hourly basis using splunk query
每当我收到文件时,我都会有以下日志。
2017-05-20T06:43:18,273+0000 LogLevel="INFO" ThreadId="[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'"ServerName="ServerName" RequestId ="123456" EventCode="postData" EventMessage="Checksum validated successfully for the input file:myfileName100"
Splunk 查询:索引="myindex" "Checksum validated successfully for the input file:"
现在我想使用 splunk 查询每小时获取上述事件的计数。请帮助
试试这个
index=<index-name> EventMessage="Checksum validated successfully*" | timechart count span=1h
每当我收到文件时,我都会有以下日志。
2017-05-20T06:43:18,273+0000 LogLevel="INFO" ThreadId="[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'"ServerName="ServerName" RequestId ="123456" EventCode="postData" EventMessage="Checksum validated successfully for the input file:myfileName100"
Splunk 查询:索引="myindex" "Checksum validated successfully for the input file:" 现在我想使用 splunk 查询每小时获取上述事件的计数。请帮助
试试这个
index=<index-name> EventMessage="Checksum validated successfully*" | timechart count span=1h