I'm trying to wrap my head around some of the more advanced/esoteric search commands. It seems like there's a lot of power there if you know how to harness it (i.e. you're familiar with statistics...
A large kv lookup table (>2M entries and growing) holds metadata and is processed on a regular schedule to solve some complex correlations. The task at hand is to make accessing the last 5k entrie...
...egions, and thus I track all of their manpower without knowing which ones will be important each day. I can't leave my myrmidons without reinforcements!
I'd like to generate statistical information a...
...reated a plot of the application's response times. We expect this response time to look like an exponential distribution.
As a next step, we’d like to start doing some advanced statistical a...
...urrentDBSizeGB = currentDBSizeMB/1024 | search title="*apps" OR title="*perf" | where currentDBSizeMB>1
where the quotes for map command and splunk_server substitution disappeared?
How d...
My problem is that I cannot understand why I get a different statistics number depending on whether I place the dedup command before or after the sort command.
query:
host="web_application" s...
When I run the MAP search below, the events that I get back do not match the ones used to generate the statistics table. However, if I switch the TAIL to HEAD, the events and statistics table match....
...t would return a subset, say, A, B, D.
It works (in that only a subset of log entries are returned), but when I run the search, the UI always shows the Statistics tab containing every field in c...