计算splunk中的事件吞吐量
Calculating event throughput in splunk
我想查找目标事件的吞吐量。我通过 EVENT_PROCESSED 确定我的目标事件。所以我的查询是:
index=myIndex namespace=myNamespace host=myHost log=\*EVENT_PROCESSED* | bucket _time span=1h | chart count(EVENT_PROCESSED)/3600 as throughput by _time
但是没用。错误是:
Error in 'chart' command: The data field 'count(EVENT_PROCESSED)/3600' is malformed.
我在这里犯了什么错误?
使用timechart:
index=myIndex namespace=myNamespace host=myHost log=\*EVENT_PROCESSED*
| timechart span=1h count(log) as count
###edit - 从字段 value
更改为字段 name(日志)
我想查找目标事件的吞吐量。我通过 EVENT_PROCESSED 确定我的目标事件。所以我的查询是:
index=myIndex namespace=myNamespace host=myHost log=\*EVENT_PROCESSED* | bucket _time span=1h | chart count(EVENT_PROCESSED)/3600 as throughput by _time
但是没用。错误是:
Error in 'chart' command: The data field 'count(EVENT_PROCESSED)/3600' is malformed.
我在这里犯了什么错误?
使用timechart:
index=myIndex namespace=myNamespace host=myHost log=\*EVENT_PROCESSED*
| timechart span=1h count(log) as count
###edit - 从字段 value
更改为字段 name(日志)