Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
542 results
Sorted by:
05-23-2018
10:31 AM
I'm attempting to write a search using eventcount command. I want to graph the number of events in my index/sourcetype per day over a span of 1 week. Can I use the eventcount for this? I'm not h...
12-22-2017
08:55 AM
...ondition on tstats removed for the example below):
| tstats latest(_time) as latest where index=* by index
returns 51 of my indexes, while:
| eventcount summarize=false index=* | dedup i...
05-30-2016
05:09 PM
Hi.
A site we are on has attemtped to migrate data from one splunk cluster to another. We've come in late to help and have fixed most things up but they are noticing a difference in their eventcount...
09-04-2012
03:43 PM
I am comparing the results of the following two searches for one user id:
source="xxxx" | transaction userid, pid keeporphans=f maxspan=70m maxpause=45m mvraw=t delim="," mvlist=t | stats avg(eventcount...
07-10-2018
08:49 AM
...nto problems with structuring the query correctly. I wrote two queries that I need to combine:
| eventcount summarize=false index=* | fields index | dedup index which gives me all of the indexes t...
02-26-2016
04:21 AM
1 Karma
I did a dashboard panel that shows stats count results with a pie chart.
I'd like to show in the panel title the total number of events (not the result number).
I already used tokens to do this ...
09-06-2019
12:19 PM
...re the eventcounts for each ComputerName where x=[10, 20, 30, 40], and maxevents undefined (i.e. not included in the SPL).:
________________ x = 10_____20_____30_____40__Undefined
Computer1, t...
11-12-2012
03:40 PM
It appears there seems to be a limit of the number of events can be in a transaction.
I am doing transactions, and it seems when the number of transactions is over 90 and I export it to CSV, it app...
- Tags:
- transaction
10-25-2016
12:05 AM
...abel>
<prefix>index="</prefix>
<suffix>"</suffix>
<search>
<query>| eventcount summarize=false index=* | d...
05-01-2015
01:16 PM
