Solved: Count the number of events in between a recurring ...

myli12 · ‎03-10-2011

I have an event "trans" occurs from time to time, I want to be able to count the number of another type of events (say "down") occur in between this recurring event "trans".

What I tried is

link OR down | transaction endswith="trans" | stats count

Which actually gives me counts of transactions, rather than number of "down" events in between "trans" events.

David · ‎03-10-2011

The transaction command adds the eventcount field. I'd try:

link OR down | transaction endswith="trans" | stats avg(eventcount)

Or if you like:

link OR down | transaction endswith="trans" | table _time duration eventcount

View solution in original post

David · ‎03-10-2011

The transaction command adds the eventcount field. I'd try:

link OR down | transaction endswith="trans" | stats avg(eventcount)

Or if you like:

link OR down | transaction endswith="trans" | table _time duration eventcount

Count the number of events in between a recurring event

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Are you a member of the Splunk Community?

Count the number of events in between a recurring event

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management