Splunk search for Percentage of skipped searches
Copy
index=_internal sourcetype=scheduler | stats count as total, count(eval(status="skipped")) as skipped | eval pct=round(skipped/total * 100, 0) | rangemap field=pct low=0-10, elevated=10-20 severe=20-50 critical=50-100 | eval pct = pct . "%" | fields pct, range | rename pct as "Percent Skipped Searches", range as State
This Splunk search will provide the percentage of scheduled searches that have been skipped within the searches time period. The search will categorize the percentage of skipped searches as low, elevated, severe or critical.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment