Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can you help me pull a number and then show that value in a timechart?

orchapellico
Explorer
‎09-20-2018 10:52 AM 
2018-09-20T11:48:41.071-0600 I NETWORK  [conn16918] end connection 10.16.33.19:61051 (28 connections now open)

So I need to be able to capture the value "28" that is in the (28 connections now open), use that as a value and chart based on host. Thank you!

Tags (2)
0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎09-20-2018 11:12 AM

@orchapellico

Can you please try following search?

index=YOUR_INDEX | rex field=_raw "\((?<CONNECTIONS>\d+)\sconnections\snow\sopen\)" | timechart sum(CONNECTIONS) as total_connections by host

Here I have use sum() to get total_connections count.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...