Splunk Search

events per minute

gurinderbhatti
Path Finder

I am a regular user with access to a specific index. i dont have access to any internal indexes.
how do i see how many events per minute or per hour splunk is sending for specific sourcetypes i have? i can not do an alltime real time search.
so is there an other query or app i can run?

index= my_index
sourcetype=/var/log/mysource
host=abc-host101
i need events every 1 min from /var/log/mysource, every 5 mins and every 30 mins

Tags (3)
1 Solution

aelliott
Motivator

you could do index=my_index sourcetype=/var/log/mysource host=abc-host101 | bucket _time span=5m | stats count by sourcetype,_time

and

index=my_index sourcetype=/var/log/mysource host=abc-host101 | bucket _time span=30m | stats count by sourcetype,_time

View solution in original post

aelliott
Motivator

you could do index=my_index sourcetype=/var/log/mysource host=abc-host101 | bucket _time span=5m | stats count by sourcetype,_time

and

index=my_index sourcetype=/var/log/mysource host=abc-host101 | bucket _time span=30m | stats count by sourcetype,_time

gurinderbhatti
Path Finder

thank you very much.it works now.

0 Karma

aelliott
Motivator

You need a space between bucket and _time

0 Karma

gurinderbhatti
Path Finder

Elliott,
i have over 36k events (60 minute search) from a specific host and sourcetype but i tried the below and got 0 matching events:
index=lnx_appmsp sourcetype=/app/mrg/qa/logs/broker.log host=ftc-lpesbmbk301 | bucket_time span=5m | stats count by sourcetype, _time

0 Karma
Get Updates on the Splunk Community!

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...

What's New in Splunk Cloud Platform 9.2.2406?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many ...

Enterprise Security Content Update (ESCU) | New Releases

In August, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...