Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
190 results
Sorted by:
07-18-2019
11:16 AM
Does anyone know of a good way to pull one event of a specific eventcode/type when searching for multiple eventcodes?
It doesn't appear that event sampling can do something like that.
I was h...
02-25-2016
07:15 AM
8 Karma
I've been studying and creating several pieces of code to take advantage of the wonders of the HTTP Event Collector and noticed noone published a PowerShell sample, then since I created one I d...
06-01-2022
03:07 AM
...nd most importantly a column with a sample event from each sourcetype.
I want it to be something like the attached table:
Can someone please help me with the search that provides me with such a...
Show results in replies (5)
-
Hi @muradgh , please try this: index=* | stats count first(_row) AS sample_event BY h...
-
...otal last(_row) AS sample_event BY host sourcetype | appendpipe [ | stats sum(count) AS total BY h...
-
Hi @gcusello Unfortunately, this search did not provide me with what I wanted, check ...
-
Just with a small correction index=* |stats count first(_raw) ….. rest is same. I think auto...
-
Hi @gcusello Thank you for your help. 👍👍
09-27-2022
12:35 AM
For the type of data I am trying to extract, Event Sampling really speeds up the query. This works fine when executing SPL queries, but I have not been able to figure out how to do this in a d...
- Tags:
- Eventsampling
Labels
- Labels:
-
table
Show results in replies (5)
-
I think this Splunk Docs article should help (Event sampling with reports and dashboard panels t...
-
...erformance improvement at all. Running the exact same query directly in SPL with the same Event Sampling is m...
-
...peed regardless of sampling? Reasons could be: - early transformative command like table or stats c...
-
Problem solved. I had the Dashboard pane search settings for the Time Picker set to Global, instead...
-
Glad I was able to help!
03-20-2017
11:52 AM
I've been through this thread: https://answers.splunk.com/answers/295142/line-breaker-in-single-line-printed-json-doc.html
without any success.
I have JSON data coming in as 1 event, and I n...
07-21-2023
07:40 AM
Hi people, I wonder whether it is possible to run a query that generates a set of n-sample of events for each sourcetype in an index? In some sense, if the log data has been ingested and c...
03-18-2020
07:17 PM
If telephone number is present in both Index 1 and Index 2 display the associated device name from the event in index 2 and then display resolution code from index 2. If anyone could point me in t...
Labels
- Labels:
-
table
08-09-2016
06:12 AM
From my understanding, the event sampling works on a ratio basis, so we can have a 1:10 chance of selecting an event. I'd like to integrate this into some dashboards since it takes so long for them t...
03-12-2015
09:07 AM
Hi all,
I'm searching for a way to treat different events as one. Example: If I'm getting events like this where every field-value pair is in one event, it's easy to deal with it:
event...
06-15-2016
06:59 AM
1 Karma
The documentation describes how to set the sampling ratio in the Search app and dashboards, but not when using the REST API.
Is sampling possible using the REST API?
