Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk ES Proxy Log Query Explanation Needed Regarding xswhere and "is above high"

tegosa
New Member
‎05-01-2015 05:41 AM

I can not find anything in the docs regarding "xswhere" and this "is above high"
Here is the query :
| tstats allow_old_summaries=true count as web_event_count from datamodel=Web by Web.src, Web.http_method | drop_dm_object_name("Web") | xswhere web_event_count FROM count_by_http_method_by_src_1d in web by http_method is above high

Any help would be appreciated thanks.

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎05-01-2015 10:20 AM

Hi, that's coming from the Extreme Search module: http://docs.splunk.com/Documentation/ES/3.3.0/User/ExtremeSearch

Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...