Splunk - Mastering SPL (Transforming and Streaming commands)

Splunk - Mastering SPL (Transforming and Streaming commands)

cybersecnerd

54 года назад

4,199 Просмотров
Splunk - Mastering SPL (Transforming and Streaming commands). Develop a knack!

Distinct Count V/s estdc
index=main sourcetype=access_combined_wcookie
| stats dc(clientip) AS "distinct client ips"

BY Clause (Splitting)
index=main sourcetype=access_combined_wcookie
| stats count BY method, action, categoryId

Functions
index=main sourcetype=access_combined_wcookie
| stats
max(bytes) AS "Largest",
min(bytes) AS "Smallest",
avg(bytes) AS "Average",
perc95(bytes) AS "95th percentile"

Values/List for stats
index=main sourcetype="access_combined_wcookie" status=5*
| stats
count AS "Total Server Errors",
values(uri_path) AS "Unique URI accessed"
BY status

First time HTTP error code 503 was received
index=main sourcetype="access_combined_wcookie" status=503
| stats earliest(_raw) AS "First event "

Last event from this IP: clientip="117.21.246.164"
index=main sourcetype="access_combined_wcookie" clientip="117.21.246.164"
| stats latest(_raw) AS "Last event from 117.21.246.164"

Eventstats
index=main sourcetype="access_combined_wcookie" action=purchase
| stats count by categoryId
| eventstats avg(count) as avgcount
| table categoryId count avgcount


Streamstats (RANKING for categories)
index=main sourcetype="access_combined_wcookie" action=purchase
| stats count as "total purchases" by categoryId
| sort 5 - "total purchases"
| streamstats count as rank

RARE
Lowest 2 selling categories
index=main sourcetype="access_combined_wcookie" action=purchase categoryId!=NULL
| rare limit=2 categoryId

Lowest selling product for each category
index=main sourcetype="access_combined_wcookie" action=purchase categoryId!=NULL
| rare productId by categoryId limit=1

CHART (span argument)
index=main sourcetype="access_combined_wcookie" action=purchase categoryId!=NULL
| chart count by bytes span=1000

index=main sourcetype="access_combined_wcookie"
| chart count over categoryId by productId limit=4 usenull=f useother=f

Тэги:

##splunk ##splunking ##spl ##SPL ##splunklearning ##poweruser ##splunkpoweruser ##splunkuser ##cybersecnerd
Ссылки и html тэги не поддерживаются

Комментарии:

Сейчас смотрят
Splunk - Mastering SPL (Transforming and Streaming commands) 40:22
Splunk - Mastering SPL (Transforming and Streaming commands) cybersecnerd
SHAZAM TOP 50 | Новинки и Хиты 2:31:02
SHAZAM TOP 50 | Новинки и Хиты Самая Лучшая МУЗЫКА 👑
A 2012 Louisville Kentucky Story - Aaron Browning, Joel Casse, Colonel Sanders, etc 1:01:19
A 2012 Louisville Kentucky Story - Aaron Browning, Joel Casse, Colonel Sanders, etc SLV Revolutions
Bald And Bankrupt RUSSIAN INTERROGATION Arrested In Russia 10:41
Bald And Bankrupt RUSSIAN INTERROGATION Arrested In Russia Australian In Belarus
Midnight in Stockholm | Swedish Girls, Winter Nightlife & 4K Adventure 44:50
Midnight in Stockholm | Swedish Girls, Winter Nightlife & 4K Adventure Flori Travel
история + игра 00:41
история + игра Лисенок топ лис кис
Reiner Fuellmich | 2024-11-27 - UPDATE - 39th day of the trial - Report on site 27:21
Reiner Fuellmich | 2024-11-27 - UPDATE - 39th day of the trial - Report on site Data Ark
Tina LaTiina - Forever 3:55
Tina LaTiina - Forever Tina LaTiina
道教經典 《太上感應篇》合集 太上感應篇 傳統古韻誦讀+標準國語普通話朗讀 23:02
道教經典 《太上感應篇》合集 太上感應篇 傳統古韻誦讀+標準國語普通話朗讀 老梁時刻Leung Time 欢迎订阅
¡Gol de último minuto de Araceli Torres! | Chivas vs América | Clásico Nacional Femenil 1:21
¡Gol de último minuto de Araceli Torres! | Chivas vs América | Clásico Nacional Femenil Chivas
Why Don't They Eat Millions of Wild Boars In America? 29:58
Why Don't They Eat Millions of Wild Boars In America? Beyond Discovery
Venum Hammer Pro Training Gloves Review (Loma Edition 16 oz) 22:10
Venum Hammer Pro Training Gloves Review (Loma Edition 16 oz) Thee Combat Corporation