Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to search for overlapping events that occurred on the same host?

mitchabaza
Explorer
‎11-24-2015 02:21 PM

Given the Splunk result set in the attached screenshot, I'd like to formulate a search that finds all overlapping events that occurred on the same host. Many thanks!

Preview file
1 KB
0 Karma
Reply

songhyunho
New Member
‎11-24-2015 10:35 PM

What about this?

| stats values(MessageKey) by host
Or
| chart count over host by MessageKey usenull=f

0 Karma
Reply

jluo_splunk
Splunk Employee
Splunk Employee
‎11-24-2015 03:18 PM

You could use the transaction command, for example:

.... | transaction host

0 Karma
Reply

mitchabaza
Explorer
‎11-24-2015 08:21 PM

This returns no results.

0 Karma
Reply
Get Updates on the Splunk Community!

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...

Announcing Our Splunk MVPs

We are excited to announce the first cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...