Solved: Re: Error and Warning Count by Hour or date or tim...

satyajit2007 · ‎11-11-2020

I have my spark logs in Splunk .

I have got 2 Spark streaming jobs running .It will have different logs ( INFO, WARN, ERROR etc) .

I want to create a dashboard for the error Count by hour or any better way ( suggest please)

index=myindex AND (sourcetype=sparkjob1 OR sourcetype=sparkjob2 ) | stats count as total_logs count(eval(level="INFO")) as total_errors</query>

Please also advise if you have any better suggestion with useful dashboard.

thambisetty · ‎11-11-2020

index=myindex (sourcetype=sparkjob1 OR sourcetype=sparkjob2 )  | timechart count as total_logs count(eval(level="ERROR")) as total_errors span=1h

————————————
If this helps, give a like below.

View solution in original post

thambisetty · ‎11-11-2020

index=myindex (sourcetype=sparkjob1 OR sourcetype=sparkjob2 )  | timechart count as total_logs count(eval(level="ERROR")) as total_errors span=1h

————————————
If this helps, give a like below.

satyajit2007 · ‎11-12-2020

thank you a lot .

1) As i have 2 applications Source types, do i need to make separate graphs? Can i do something by which i can identify those error/Info/warn belongs to which Job ?

2) Also If i need to do to add some texts like error, failed, exceptions to the ERROR bucket in the above example?

Error and Warning Count by Hour or date or timestamp

eval

stats

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

Everything Community at .conf24!

Index This | I’m short for "configuration file.” What am I?