Solved: Re: Frequency of events - how often an event was l...

Derek · ‎07-05-2010

Does anyone have a good way (or am I missing the something obvious?) of calculating for a defined time range the average frequency of the events logged?

Such as eventtype A appeared every X minutes.

Thanks!

Simeon · ‎07-05-2010

I would use eval in combination with stats. For example:

sourcetype=apache_error earliest=-60m | stats count as total | eval errors_per_min=(total/60) | fields error_per_min

This would take the total # of events over the past 60 minutes, then divide by 60 to get you a count per minute. Or from the advanced charting view:

sourcetype=apache_error earliest=-60m | timechart span=1m count as error_per_min

View solution in original post

Simeon · ‎07-05-2010

I would use eval in combination with stats. For example:

sourcetype=apache_error earliest=-60m | stats count as total | eval errors_per_min=(total/60) | fields error_per_min

This would take the total # of events over the past 60 minutes, then divide by 60 to get you a count per minute. Or from the advanced charting view:

sourcetype=apache_error earliest=-60m | timechart span=1m count as error_per_min

Derek · ‎07-06-2010

I knew I missing something obvious 🙂

Frequency of events - how often an event was logged

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...