Write Operations in Kibana

ITchandj · January 28, 2021, 10:23pm

Hello people!!!

please how could i write this Splunk function in kibana

sum(NetTargetConnectCount) as SumNetTargetConnectCount
sum(NetTargetReconnectCount) as SumNetTargetReconnectCount
sum(NetTargetRetransmitCount) as SumNetTargetRetransmitCount
sum(NetTargetSendCount) as SumNetTargetSendCount

           count(Application_NetworkConnectFailure) as SumApplicationNetworkConnectFailureCount
           filter NetTargetProtocols is TCP
           $SearchFilter$
     ]
     | eval ConnectAvailability = 100 - round ((SumApplicationNetworkConnectFailureCount + SumNetTargetReconnectCount) / (SumApplicationNetworkConnectFailureCount + SumNetTargetConnectCount) * 100, 3)

NetworkAvailability = round ((ConnectAvailability + TransmitAvailability) / 2, 2)

Thank you in advance

ppisljar · February 1, 2021, 7:05am

Hello,

hopefully someone with better SPL knowledge can weight in, but something like this in SQL might work:

    SELECT
    sum(NetTargetConnectCount) as SumNetTargetConnectCount,
    sum(NetTargetReconnectCount) as SumNetTargetReconnectCount,
    sum(NetTargetRetransmitCount) as SumNetTargetRetransmitCount,
    sum(NetTargetSendCount) as SumNetTargetSendCount,
    count(Application_NetworkConnectFailure) as SumApplicationNetworkConnectFailureCount
    FROM myIndex
    WHERE NetTargetProtocols = 'TCP'
    | math "100 - round ((SumApplicationNetworkConnectFailureCount + SumNetTargetReconnectCount) / (SumApplicationNetworkConnectFailureCount + SumNetTargetConnectCount) * 100, 3)"