Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Keep track of max count.

sandeepmakkena
Contributor
‎09-28-2019 11:04 AM

Mysesarch
| stats avg(time) as "median", max(time) as MaxMedian max(time99) as "Max99th", max(time999) as Max999th by host

I have something like this, I also want a count of max(99th) by host in past 1hr.

Just make it clear, let say I'm running search for 1hr, I want to calculate max(99th) value every 10mins and display its count by host but, I still want my stats to for whole 1hr.

Say we have host A, B and C
at 00:10 the max(99th) is on host-A
at 00:20 the max(99th) is on host-A
at 00:30 the max(99th) is on host-B

I want to display
host-A median MaxMedian Max99th Max999th "2 times out of 3"
host-B median MaxMedian Max99th Max999th "1 time out of 3"
host-C median MaxMedian Max99th Max999th "0 times out of 3"
Thanks for your time.

0 Karma
Reply

tjago11
Communicator
‎10-01-2019 07:59 AM

oops, sorry.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...