Splunk Enterprise Security
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk ES Proxy Log Query Explanation Needed Regarding xswhere and "is above high"

tegosa
New Member
‎05-01-2015 05:41 AM

I can not find anything in the docs regarding "xswhere" and this "is above high"
Here is the query :
| tstats allow_old_summaries=true count as web_event_count from datamodel=Web by Web.src, Web.http_method | drop_dm_object_name("Web") | xswhere web_event_count FROM count_by_http_method_by_src_1d in web by http_method is above high

Any help would be appreciated thanks.

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎05-01-2015 10:20 AM

Hi, that's coming from the Extreme Search module: http://docs.splunk.com/Documentation/ES/3.3.0/User/ExtremeSearch

Reply
Get Updates on the Splunk Community!

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting

Splunk is excited to announce new releases that empower ITOps and engineering teams to stay ahead in ever ...
Top