Summary Indexes And Splunk

I am looking for support on the following topics:

i) Splunk commands to join different sets of rows - append, appendcols, appendpipe, join and the differences between them

ii) IF..then..ELSE(IF) in Splunk query. For example, using date as a condition to decide which branch of IF to execute

iii) Meaning of certain Splunk error messages and how to avoid them:

Streamed search execute failed because: Error in 'rex' command: regex="(?com\.succ\.\S+)\.[A-Z]\S+\((?\w+)\.java:(?\d+)\)" has exceeded configured match_limit, consider raising the value in limits.conf

iv) How to combine 2 Splunk dashboards as follows:

a) First dashboard has input parameters of Environment (Preview/Production), Time Range (Date Range/Time Picker), Product Area (Multi-select dropdown) and Exception_Type (single select dropdown). All the exceptions of dashboard one are, say, of Type A

b) Second dashboard has input parameters of Environment (Preview/Production), Time Range, Product Area and Exception_Type. All the exceptions of dashboard one are, say, of Type B

Now, the query that both a) and b) run calls a summary index each. For all 'Product Area' values except one, summary index X needs to be executed. But for one Product Area, both summary indexes X and Y need to be executed.

Now, since the 'Product Area' dropdown is multi-select, it could happen that the user selects multiple product areas such that product areas with both summary indexes X and Y need to be executed. So, the query needs to accommodate or consider this use case as well.

So, in short, the 'Product Area' drop-down selection can produce 3 possible use-cases:

- Product Area(s) which needs execution of summary index X
- Product Area which needs execution of summary index X and Y
- A combination of Product Areas, some of which need execution of summary index X, and one which needs execution of both summary indexes X and Y

For easier maintenance (creating 1 dashboard instead of two), I would like to achieve the whole of iv) in a single dashboard query, not as multiple panels (and queries) in the same dashboard. Would this be possible?
Tags: Splunk

 


© 2005 - 2019 getFreeLancer.com