How to filter out errors that occur at consecutive... - Splunk Community

Monitoring Splunk

This query returns the url with errors at 5m span, I just want to filter out those errors that occur at consecutive intervals, like 9:00 and 9:05.

index = index uriPath=url* |bin span=5m _time
I stats count as Volume, count(eval(httpCode<=299)) as "Success" , count (eval (httpCode>399)) as Fail by urlPath _time I eval F=round (Fail*100/Volume, 2) | where FP> 2 and Volume > 50

index = index uriPath=url* |bin span=5m _time
I stats count as Volume, count(eval(httpCode<=299)) as "Success" , count (eval (httpCode>399)) as Fail by urlPath _time I eval F=round (Fail*100/Volume, 2) | where FP> 2 and Volume > 50
| streamstats range(_time) as gap
| where gap > 300

Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

We’ve been shouting it from the rooftops! The findings from the 2023 Splunk Career Impact Report showing that ...

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...