Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
1,000 results
Sort by:
06-22-2023
12:00 PM
The below query is giving the results for 30 days MaxTPS data. (Between the time range of 2:00 to 4:00)
index=<search_strings> earliest=-30d@d date_hour>=2 AND date_hour<4
| timechart s...
Labels
- Labels:
-
chart
-
dashboard
-
Dashboard Studio
-
table
-
timechart
04-22-2024
02:38 PM
Hello, I have a static data about 200,000 rows (potentially grow) needs to be moved to a summary index daily. 1) Is it possible to move the data from DBXquery to summary index and re-write the d...
Labels
03-11-2015
10:13 AM
1 Karma
The events, each contain fieldA and fieldB (as well as other stuff). Currently, the search below works for 1 day, but I am trying to get a per day result for 30 days:
| top fieldB by f...
12-04-2019
12:23 PM
1 Karma
I am writing a search which I intend to use to create an alert from. I keep getting "No Results" from this search unless I remove the third line (where Percent.........). Something is wrong with t...
- Tags:
- splunk-enterprise
10-05-2015
08:32 PM
...he route of making a custom search command, but I would rather not if there's a sensible way of dealing with this within Splunk. 🙂
Update: woodcock asked for an example to better understand what I...
03-01-2022
12:48 AM
Hi, I am trying to create a alert for cpu usage by using below query, index=os host=cbtsv | stats latest(*) as * by host | table _time cpu_load_percent cpu_user_percent | eval CPU=cpu_load_per...
Labels
- Labels:
-
alert action
-
alert condition
02-07-2023
01:18 PM
...ttp_status=mvindex(temp,6,10)
| search (
"/services/protected/v1/developers" OR
"/wcaapi/userReg/wgt/apps"
)
| search NOT "Mozilla"
| eval API = if(match(API,"/services/protected/v1/developers"), "D...
Labels
- Labels:
-
eval
02-28-2023
02:00 PM
Hi I have a field, mode, which returns either returns data or is None (mode_true, mode_false). I'm trying to search and aggregate the sum [over time] of both outcomes over separately then p...
04-20-2015
08:41 AM
i am trying to think of a way to craft a search that will look for any hosts doing web-requests to the same site/url at regular the same intervals.
Basic idea is that Host A does a request to W...
11-01-2022
06:52 AM
I am looking to convert this regular search: index=foo action=blocked `macro` src_zone=foo | timechart count span=1d over to a search that leverage tstats and the Network Traffic datamodel that s...
Labels
- Labels:
-
data model
