
I am having a hard time getting delta to work. Ideas?

When I search for:
index=unix pool=general1 dom0stat42
| delta stolencputicks as sct
| eval abssct=abs(sct)
| timechart sum(abssct) span=1m by hardware

I get:

_time a4-hpc1-1 a4-hpc1-2 a4-hpc1-3 a4-hpc1-5 a4-hpc1-6
1 9/30/11 8:34:00.000 AM 1449940 1710969 5285059 5107148 439020
2 9/30/11 8:35:00.000 AM 1449917 1711019 5285126 5107278 439015
3 9/30/11 8:36:00.000 AM 1449885 1711043 5285205 5107419 439037
4 9/30/11 8:37:00.000 AM 1449863 1711078 5285282 5107536 439029

Splunk is showing me the hardware correctly, but not the delta. When I search for a single piece of hardware with the following command, delta works.

index=unix pool=general1 dom0stat42 a4-hpc1-1
| delta stolencputicks as sct
| eval abssct=abs(sct)
| timechart sum(abssct) span=1m


_time sum(abssct)
1 9/30/11 8:38:00.000 AM 149
2 9/30/11 8:39:00.000 AM 120
3 9/30/11 8:40:00.000 AM 127
4 9/30/11 8:41:00.000 AM 90

Any ideas/help would be greatly appreciated.

Re: I am having a hard time getting delta to work. Ideas?

Any ideas out here?
