SPLUNK LIFE

That happened: episode 7

This week in “That happened: notes from #splunk” a blog about the goings-on in the Splunk IRC channel: purveyors of virtual hugs, karma monitoring, a step-by-step lesson in reporting on session stats, and robot family planning advice.

The Truth will possibly get you snuggled

And Drainy is prepared for that outcome:

*** drsnuggle has left #splunk
<@piebob> i wish drsnuggle would…SAY something
<Drainy> piebob: I can’t wait for the day Dr Snuggle says something
<Drainy> I announced him as being on duty earlier but alas, still nothing
<amrit|lon> Drainy: who he be?
<Drainy> no idea
<Drainy> but anyone who is a dr of snuggles must be good for something
<amrit|lon> hehe
<jgedeon> Drainy, I think I would be afraid to find out the answer to that.
<Drainy> haha
<Drainy> jgedeon: I’m committed to the truth now 😛

Dr. Snuggle, if you’re reading this: we we would love it if you’d say hi sometime :)

Better than Nagios

We always know when Splunk Answers is slow:

<^Brian^> is answers having problems?
<amrit|lon> seems slow
<^Brian^> there it goes
<^Brian^> time to replace the hamsters
<yann> or give them some redbulls
<Nerf> Wiiiiiiings!

Dropping the (mad)science

You must walk before you can run, Padawan:

<firebus> good morning splunk!
<firebus> i want to count the number of times a given session hit a given URL over a period of time. then i want to report on max/min/avg accesses per session. where should i start?
<madscient> if you have a field for sessionId or cookie it’s pretty easy
<firebus> i’ve got that
<firebus>  i can do a count by session with various search filters
<firebus> but i don’t know how to jump from that to the average stats by session
<madscient> one step a time really
<madscient> super basic:
<madscient> sessionId=”someId” url=”someUrl” | timechart count
<madscient> and from the other end:
<madscient> foo url=”someURL” | stats count by sessionId | stats avg(count) as avgPerSession max(count) as maxPerSession min(count) as minPerSession
<firebus> awesome! thank you!
<madscient> if you want to stitch those aggregate numbers back into the first simpler search, so you can say select the sessions that hit it more than the average, you’ll probably want to use eventstats.
<firebus> i was trying to do too much in the first step
<madscient> yea.  happens all the time.
<madscient> jumping is discouraged
<madscient> also magic
<firebus> how can i add a timerange to that, so it’s hits by session within an x second window?
<madscient> x seconds before/after some other event?
<firebus> let’s say that today session A hit the page 5 times, and yesterday session A hit the page 4 times, and i want to group those separately, instead of counting 9 hits for session A
<madscient> a little bit of bin, and an extra group by in stats.  like this:
<madscient> let me break it down though…
<madscient> if this is the count of hits purely by sessionId:
<madscient> foo url=”someURL” | stats count by sessionId
<madscient> then this is the count by sessionID and by day:
<madscient> foo url=”someURL” | bin span=”1d” | stats count by sessionId, _time
<firebus> got it
<firebus> THANK YOU!!!!
<madscient> np
<madscient> hopefully it’s free of typos.
<tmichael> well done, madscient.  well done.

One big happy robot family:

Of COURSE someone by the name of JoeTron is going to assume she’s a robot:

<Drainy> wonderful, a girl looking to meet and date and wants a kind man for dinner or a walk on the beach has added me on twitter
<Drainy> I think I might have found the person I’m going to spend my life with
<JoeTron> you sure it’s not a bot?
<Coccyx> lol
<Drainy> JoeTron: I hope not
<Drainy> I’ve been looking for a good looking girl with those qualities for years
<Drainy> and now I’ve found BenXEyuC3
<@cgales> I think the 3 is silent when you pronounce that
<Drainy> 😀
<Ayn> bot-walking on the beach sounds nice though
<Drainy> we could have little bot-babies
<@cgales> and splunkbot could be the daft uncle!
<Drainy> haha
<Ayn> you could teach them to solve captchas and you’ll be rich

----------------------------------------------------
Thanks!
rachel perkins

Splunk
Posted by

Splunk

Join the Discussion