Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
223 results
Sort by:
07-18-2019
11:16 AM
Does anyone know of a good way to pull one event of a specific eventcode/type when searching for multiple eventcodes?
It doesn't appear that event sampling can do something like that.
I was h...
02-25-2016
07:15 AM
8 Karma
I've been studying and creating several pieces of code to take advantage of the wonders of the HTTP Event Collector and noticed noone published a PowerShell sample, then since I created one I d...
06-01-2022
03:07 AM
...nd most importantly a column with a sample event from each sourcetype.
I want it to be something like the attached table:
Can someone please help me with the search that provides me with such a...
Show results in replies (5)
-
Hi @muradgh , please try this: index=* | stats count first(_row) AS sample_event BY h...
-
...otal last(_row) AS sample_event BY host sourcetype | appendpipe [ | stats sum(count) AS total BY h...
-
Hi @gcusello Unfortunately, this search did not provide me with what I wanted, check ...
-
Hi @gcusello Thank you for your help. 👍👍
-
Hi @SinghK Thanks for the note.
09-27-2022
12:35 AM
For the type of data I am trying to extract, Event Sampling really speeds up the query. This works fine when executing SPL queries, but I have not been able to figure out how to do this in a d...
- Tags:
- Eventsampling
Labels
- Labels:
-
table
Show results in replies (5)
-
I think this Splunk Docs article should help (Event sampling with reports and dashboard panels t...
-
...erformance improvement at all. Running the exact same query directly in SPL with the same Event Sampling is m...
-
...peed regardless of sampling? Reasons could be: - early transformative command like table or stats c...
-
Problem solved. I had the Dashboard pane search settings for the Time Picker set to Global, instead...
-
Glad I was able to help!
03-20-2017
11:52 AM
I've been through this thread: https://answers.splunk.com/answers/295142/line-breaker-in-single-line-printed-json-doc.html
without any success.
I have JSON data coming in as 1 event, and I n...
07-21-2023
07:40 AM
Hi people, I wonder whether it is possible to run a query that generates a set of n-sample of events for each sourcetype in an index? In some sense, if the log data has been ingested and c...
06-15-2016
06:59 AM
1 Karma
The documentation describes how to set the sampling ratio in the Search app and dashboards, but not when using the REST API.
Is sampling possible using the REST API?
08-09-2016
06:12 AM
From my understanding, the event sampling works on a ratio basis, so we can have a 1:10 chance of selecting an event. I'd like to integrate this into some dashboards since it takes so long for them t...
03-12-2015
09:07 AM
Hi all,
I'm searching for a way to treat different events as one. Example: If I'm getting events like this where every field-value pair is in one event, it's easy to deal with it:
event...
03-18-2020
07:17 PM
If telephone number is present in both Index 1 and Index 2 display the associated device name from the event in index 2 and then display resolution code from index 2. If anyone could point me in t...
Labels
- Labels:
-
table
