...PPEND: requires the "stats values" command to correlate the data, and gives "merged data" in one row that then needs to be split (using mvexpand or another method). mvexpand has memory issues and is slow. At t...
...would like to calculate a "Score" for each of these records. For simplicity, let's assume the Score function operates like this: for each record (which stands for one branch's sales on a specific date), I...
...rouped into 'OTHER', as long as useother is not set to false. The scoring is determined as follows: if a single aggregation is specified, the score is based on the sum of the values in the a...
...ollowing article with ELK.
https://www.compose.com/articles/using-query-string-queries-in-elasticsearch/
We have seen that the score command appears with the Splunk Machine Learning Toolkit addition b...
...xample:
Calculate the average score using the last 1 hour of events, then compare that average score with each score in the last 1 minute to get the events with a score higher than the average for the server.
sourcetype=score...
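The hour-versus-minute comparison described in that post, as an added Python example (it is not code from the post, from Splunk, or from the ML Toolkit): it takes constructed score events in a hypothetical `(timestamp, host, score)` shape standing in for `sourcetype=score` records, computes a per-host mean over the trailing hour, and returns the last-minute events whose score exceeds that host's mean. The hosts, timestamps and scores are all assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real data: (timestamp, host, score).
# The 10:30 event for web01 is deliberately older than one hour so the
# example shows it being excluded from the baseline.
NOW = datetime(2024, 1, 1, 12, 0, 0)
EVENTS = [
    (datetime(2024, 1, 1, 10, 30, 0), "web01", 999),   # outside the 1h window
    (datetime(2024, 1, 1, 11, 5, 0), "web01", 10),
    (datetime(2024, 1, 1, 11, 20, 0), "web01", 20),
    (datetime(2024, 1, 1, 11, 35, 0), "web01", 30),
    (datetime(2024, 1, 1, 11, 59, 30), "web01", 80),   # last minute, above mean
    (datetime(2024, 1, 1, 11, 59, 45), "web01", 10),   # last minute, below mean
    (datetime(2024, 1, 1, 11, 10, 0), "web02", 50),
    (datetime(2024, 1, 1, 11, 30, 0), "web02", 50),
    (datetime(2024, 1, 1, 11, 59, 50), "web02", 50),   # equal to mean, not flagged
    (datetime(2024, 1, 1, 11, 59, 55), "db01", 5),     # only one event in window
]


def baseline_average(events, now, window=timedelta(hours=1)):
    """Per-host mean score over the half-open window [now - window, now).

    Equivalent in spirit to `stats avg(score) by host` over the last hour.
    """
    sums = defaultdict(float)
    counts = defaultdict(int)
    start = now - window
    for ts, host, score in events:
        if start <= ts < now:
            sums[host] += score
            counts[host] += 1
    return {host: sums[host] / counts[host] for host in sums}


def above_baseline(events, now,
                   baseline_window=timedelta(hours=1),
                   recent_window=timedelta(minutes=1)):
    """Return (timestamp, host, score, host_mean) for last-minute events
    whose score is strictly greater than that host's trailing-hour mean.

    Note the last minute is itself part of the baseline window, so a spike
    slightly inflates the mean it is compared against; over a one-hour
    window the effect is small, but it is a known bias of this design.
    """
    means = baseline_average(events, now, baseline_window)
    recent_start = now - recent_window
    flagged = []
    for ts, host, score in events:
        if recent_start <= ts < now and host in means and score > means[host]:
            flagged.append((ts, host, score, means[host]))
    return sorted(flagged)


if __name__ == "__main__":
    for ts, host, score, mean in above_baseline(EVENTS, NOW):
        print(f"{ts.isoformat()} {host} score={score} hourly_mean={mean:.1f}")
```

Hosts that have no events in the baseline window are skipped rather than flagged, since there is nothing to compare against; whether that is the right choice depends on whether a host going quiet is itself interesting.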
...osts and I tried to use a Join command.
This is the formula I wrote for the risk score:
index=XXXX sourcetype="nessus:scan" name="XXXXXX" NOT severity=informational| dedup plugin_family p...
...asically, an item can have two states (pass or fail), and a score is attributed based on severity. If an item is high severity, it is worth 72 points; if it's medium, 36 points; and a low is worth 12....
My ultimate goal is to create a scatter plot showing the number of email messages which have a spam score of X and a phish score of Y. I tried to do this using the earthquake data and plotting the n...
...ith $fields$ for the list and removing the table command. This effectively works at hiding the extra columns and keeping the data so that I can use it for drilldown, but it doesn't update dynamically a...
Hello, I am trying to use sub search to extract fields from my JSON logs. I tried with spath and also with Rex commands, I ended up with the below error: Error in 'rex' command...