Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Events per second on a realtime search?

pde23
Explorer
‎08-15-2010 07:14 PM

How can I get a count of events per second in a realtime search?

I can do something like this to get a rolling count on a realtime search with a 30 second window:

source=foobar.log host=*prod* PAYLOAD | stats count

But as soon as I add something like |eval eps=max(count/30) it all falls apart and eps doesn't seem to get updated.

For bonus points I'd like to display this in a single value panel with a rangemap...

Thanks

-Pete

Tags (1)
0 Karma
Reply

pde23
Explorer
‎08-15-2010 07:38 PM

So weird. It didn't work the first two times I tried it, then I walked away for a coffee and it's working as expected. Thanks.

Reply

gkanapathy
Splunk Employee
Splunk Employee
‎08-16-2010 01:35 AM

Coffee sometimes does that.

Reply

gkanapathy
Splunk Employee
Splunk Employee
‎08-15-2010 07:28 PM

Seems to work just fine for me:

index=_* OR index=* | stats count | eval eps=count/30

(Note that you don't need max(), but it should give the same results anyway.)

Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...