...an I display the number of failures, plus earliest(_time) and latest(_time) by src_ip
I've tried using streamstats like below, but do not get what I'm looking for:
index=myIndex AND status=* | t...
...ame document_number. With streamstats I was able to fill them further (after found), but not backwards. Is it possible somehow? Or only if I do | reverse and apply streamstats again?
Hi,
We have application availability data in Splunk. With the SPL below, I got this data.
Base_SPL..| streamstats reset_on_change=true count as Real_Status by status,JonName
The challenge is t...
I want a cumulative count of a field that has multiple values. Somehow this isn't working:
base search| streamstats count(State) as dur time_window=1w| timechart sum(dur) by State span=1w
I'm going to check the permission and rejection of the scan attack per hour. At this point, what I wrote... Which is appropriate, Values or the list? Also, which one is suitable, stats or stream st...
I have a query using streamstats that is on the intensive side because I'm not dealing with nicely-formatted data. (Legacy code FTW)
To help with performance, I added the fields command to e...