Summary Indexes and Splunk

  • Posted at: 5 months ago
  • Budget: 500 /Hr, Estimated Hours - 3
  • Proposals: 5
  • Views: 70
  • Status: Open

Posted By - SB

Project Details

I am looking for support on the following topics:

i) Splunk commands to join different sets of rows - append, appendcols, appendpipe, join and the differences between them

ii) IF..then..ELSE(IF) in Splunk query. For example, using date as a condition to decide which branch of IF to execute

iii) Meaning of certain Splunk error messages and how to avoid them:

Streamed search execute failed because: Error in 'rex' command: regex="(?com\.succ\.\S+)\.[A-Z]\S+\((?\w+)\.java:(?\d+)\)" has exceeded configured match_limit, consider raising the value in limits.conf    

iv) How to combine 2 Splunk dashboards as follows:

   a) First dashboard has input parameters of Environment (Preview/ Production), Time Range (Date Range/Time Picker), Product Area (Multi-select dropdown) and Exception_Type (single select dropdown)

      All the exceptions of dashboard one are, say, of Type A

   b) Second dashboard has input parameters of Environment (Preview/ Production), Time Range, Product Area and Exception_Type

      All the exceptions of dashboard one are, say, of Type B 

Now, the query that both a) and b) run calls a summary index each. For all 'Product Area' values except one, summary index X needs to be executed. But for one Product Area, both summary indexes X and Y need to be executed. Now, since the 'Product Area' dropdown is multi-select, it could happen that the user selects multiple product areas such that product areas with both summary indexes X and Y need to be executed. So, the query needs to accommodate or consider this use case as well. So, in short, the 'Product Area' drop-down selection can produce 3 possible use-cases:
    
     - Product Area(s) which needs execution of summary index X
     - Product Area which needs execution of summary index X and Y  
     - A combination of Product Areas, some of which need execution of summary index X, and one which needs execution of both summary indexes X and Y

For easier maintenance (creating 1 dashboard instead of two), I would like to achieve the whole of iv) in a single dashboard query, not as multiple panels (and queries) in the same dashboard. Would this be possible?