Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Tabulate frequency of all events within X events of found event

john_loch
Explorer
‎03-28-2011 03:29 AM

Hi all,

This is slightly tricky - well for me anyways..

I have an index where a key event is occuring. I need to be able to examine the 5 events prior to and after the key event (irrespective of time) per host, and tabulate a count of each event type (by type i mean the string that appears in the log entry).. so if we have 7 distinct event types surrounding all instances of the key event, then we would see a table with 7 rows, showing the event and a count of occurances.

The idea is to use proximal analysis to get a bead on possible causal relationship. I'm pretty sure this is a common practice - but after hunting around I can't find a reference to it anywhere..

Would much appreciate any Ninja feedback..

Thx.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎05-28-2015 01:08 PM

Start here:

http://answers.splunk.com/answers/2602/can-splunk-filter-match-events-and-bring-back-neighbouring-ev...

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...