I have a query that produces a line chart with two plotlines; I would like to add a trend line for each line.
sourcetype=OktaIM2:log (debugContext.debugData.requestUri=/app/office365/xxxxxxxxxxxxxx...
Hello, I'm working in Splunk Enterprise 8.2.4. I have the below search: index=Red msg="*COMPLETED Task*"
| spath output=logMessage path=msg
| rex field=logMessage "Message\|[^\t\{]*(?<json>{[^\...
I am looking for suggestions as to how best to implement an alerting request made by my users.
Summary
A query is run to count the number of events. The time weighted difference (in percent...
Hi, I am working on a query where I need to calculate the average of 99th percentile values over a 5 minute period of time for last 24 hours by serviceName. serviceName is nothing but the web s...
| timechart span=10m avg(Value) as AV by Host useother=false
After running this query I get the desired values for all hosts.
Now I want to get the MAX of each column for the day.
Stats woul...
...imestamp. I untable the events using this syntax: ...| untable _time FieldName FieldValue The results appear as this: _time FieldName FieldValue 2020-06-16 12:51:53 EventCode 1257 2020-06-1...
Hello Splunkers,
I would like to set an alert if a sudden high number of events is received.
I have this base search:
index=_internal source="*metrics.log" eps "group=per_source_...