- Splunk Operational Intelligence Cookbook
- Josh Diakun Paul R Johnson Derek Mock
- 2025-04-04 16:53:03
How to do it...
Follow these steps to search for the total number of database connections over the past 30 days:
- Log in to your Splunk server.
- Select the Search & Reporting application.
- Ensure that the time range picker is set to Last 7 days and type the following search into the Splunk search bar. Then, click on Search or hit Enter:
index=main sourcetype=log4j perfType="DB" | eval threshold=con_total/100*70 | where con_used>=threshold | timechart span=4h count(con_used) AS CountOverThreshold
- Splunk will return a tabulated list, detailing all the events that meet our search criteria, as shown in the following screenshot:
- This is great, but hard to visualize in tabular form. Click on the Visualization tab, and you will see this data represented in a column chart (the default).
- Click on the column link above the chart and select Line. Splunk now presents this data in a line chart, allowing us to easily see any spikes during certain times of the week. The following screenshot illustrates the chart:
- Save this search by clicking on Save As and then on Report. Give the report a name of cp02_application_db_connections and click on Save. On the next screen, click on Continue Editing to return to the search.
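What the search computes at each stage (eval, where, timechart), reproduced as an added Python example that is not from the book. The sample events are constructed, and the timestamp layout and UTC bucket alignment are assumptions; only the field names perfType, con_total and con_used come from the search itself.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed log4j-style events (not the book's sample data).
SAMPLE_EVENTS = """\
2025-03-31 01:10:00 INFO perfType="DB" con_total=100 con_used=69
2025-03-31 02:15:00 INFO perfType="DB" con_total=100 con_used=70
2025-03-31 03:59:59 INFO perfType="DB" con_total=100 con_used=95
2025-03-31 04:00:00 INFO perfType="DB" con_total=50 con_used=35
2025-03-31 05:30:00 INFO perfType="MEM" con_total=50 con_used=50
2025-03-31 09:45:00 INFO perfType="DB" con_total=50 con_used=34
2025-03-31 10:00:00 INFO perfType="DB" con_total=200 con_used=180
""".splitlines()

KV = re.compile(r'(\w+)="?([^"\s]+)"?')  # key=value or key="value"
SPAN = 4 * 3600                          # span=4h, in seconds


def parse(line):
    """Split an event into its timestamp and its key=value fields."""
    ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
    return ts.replace(tzinfo=timezone.utc), dict(KV.findall(line[19:]))


def count_over_threshold(lines, pct=70):
    """Return {bucket start: CountOverThreshold} for non-empty 4h buckets."""
    buckets = Counter()
    for line in lines:
        ts, fields = parse(line)
        if fields.get("perfType") != "DB":       # perfType="DB"
            continue
        try:
            total = float(fields["con_total"])
            used = float(fields["con_used"])
        except (KeyError, ValueError):
            continue  # no usable fields: the where clause would drop the event
        threshold = total / 100 * pct            # eval threshold=con_total/100*70
        if used >= threshold:                    # where con_used>=threshold
            start = int(ts.timestamp()) // SPAN * SPAN
            label = datetime.fromtimestamp(start, timezone.utc)
            buckets[label.strftime("%Y-%m-%d %H:%M")] += 1
    return dict(buckets)


if __name__ == "__main__":
    for bucket, n in sorted(count_over_threshold(SAMPLE_EVENTS).items()):
        print(bucket, n)
```

Unlike timechart, this sketch omits buckets in which no event met the threshold; Splunk would show them with a count of 0.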