Hi, I have an alert query that uses mstats, I want this query to not throw an alert during public holidays (from 9 AM to 5 PM). I have created a lookup holidays.csv with columns "Date","Description". H...
...ther query | mstats prestats=true avg(load.*) WHERE (`sai_metrics_indexes`) AND host=lalalala by host span=1m | timechart span=1m avg(load.longterm) AS Longterm by host which also works perfectly N...
Hi there, I am trying to make a statistic graph in my dashboard using the search below. | mstats rate(vault.runtime.total_gc_pause_ns.value) as gc_pause WHERE `vault_telemetry` A...
I have a basic SPL using mstats but I can't use trellis with it? Any ideas why I can't select "severity"?
| mstats count("mx.process.logs") as count WHERE "index"="m...
I am not able to get the latest (or earliest) _time values using mstats.
| mstats sum(bytes) latest(_time)
where index=metrics_app_dest_survey by app_name
is returning:
I'm using mstats earliest_time(metric) to find the earliest time for metric. If I use |mstats prestats=false earliest_time("http_req_duration_value") as "Start Time" where index=a...
I know that I can combine multiple metrics using mstats as:
| mstats avg(_value) AS "Average" WHERE metric_name=metric_name* span=1m by metric_name, host
this would create a row per m...
I try to use the mstats and mcatalog commands
it just simply does not work, I think it's the Splunk settings side I'm missing,
such as this:
| mstats sum(bytes) latest(_time) where index=m...
I know that events and metrics use different index types. Does that mean I can't create an alert (outside of metrics workspace) using an SPL search with mstats?
E.g., I am pumping collectd uptime i...
Hi, I have this command: | mstats avg("value1") prestats=true WHERE "index"="my_index" span=10s BY host | timechart avg("value1") span=10s useother=false BY host WHERE max in top5 and I w...