Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to filter out events before/after a specific event

tanyongjin
Explorer
‎05-10-2017 06:27 AM

Hi,

I want to filter out an event that occurs just before/after all the occurrence of a specific event, 'X". How can I do it?

If I want to aggregate them out to get some statistics or plot a graph, how can I do it too?

Tags (1)
0 Karma
Reply

DalJeanis
Legend
‎05-10-2017 12:13 PM

You will have to be much more specific about your data, because the answer to your question depends on how you are identifying the event X, and how you are identifying the events A and Z that you want filtered out.

So, please post an example (non confidential, of course) of event X, and an example of the events you might like to filter out. If you describe in plain language the rationale for omitting them, that can help us meet your need as well.

0 Karma
Reply

tanyongjin
Explorer
‎05-10-2017 05:48 PM

Here, X is an exact requirement provided to me. X is an access to an specific API, which for confidentiality, I am unable to provide an example of it.

So if a user uses A, then proceeds to X then to Z. We know that the flow goes from A -> X -> Z.

From this information, I would like to find out for all the users in the system, what is their "A" and "Z". Then determine if access to "A" and "Z" are related to the usage of X. Thus, I can report this finding up to my superior and for them to determine what could be missing in the implementation of X, which causes users to access "A" and "Z", which in turn can help improve X.

Thank you.

0 Karma
Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...