Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
24 results
Sort by:
05-28-2014
09:27 PM
...o this:
earliest=5/12/2014:00:00:00 latest=5/13/2014:00:00:00 index=test1 | stats sum(duration) AS duration by type city | eventstats sum(duration) AS city_duration by city | appendpipe [ stats s...
06-11-2024
06:12 PM
Hello, I need help improve efficiency of my search using eventstats. The search worked just fine, but when I applied to large set of data, it took too long. Please suggest. Thank y...
- Tags:
- eventstats
05-13-2010
11:41 PM
1 Karma
I've got a search which returns a simple table like this one:
clean 61234
cleaned 22
infected 173
spam 87134
I'd like to calculate percentages from these results. I don't seem t...
- Tags:
- search-language
- stats
06-16-2021
10:47 PM
the Scenario like this: I want to pick up 5% minimum value from thousands of data, Example: 1,2,3 ,4 5,6,7,8,9,10 I want pickup minimum 30%, i.e (1,2,3) will b...
Labels
- Labels:
-
stats
11-21-2014
10:28 PM
Using 6.1, I would like to create a horizontal line with area chart. I have read so many examples and my search command has produce very close result. Only thing missing is to show by sourcetype l...
08-22-2023
08:58 PM
Hello, How to join data from index and dbxquery without using JOIN, APPEND or stats command? Issue with JOIN: limit of subsearch 50,000 rows or fewer. Missing data. Issue with A...
06-29-2023
08:04 AM
...f the filtered events if in_process events were first, for example, 1 hour before the delivered event. I'm very confused with the operators that Splunk uses for the filtering and calculating l...
11-12-2018
11:41 AM
...vexpand can, under certain situations, can lead to scaling challenges with SPL. I generally think of these problematic cases as examples where each individual input event expands into lots (hundreds, t...
12-11-2017
06:37 PM
...earch..........| use rex command to create the field for the weight | stats count by weight | where count>10
But I don't know how I can confirm the time of those events are happens within 10 m...
- Tags:
- splunk-enterprise
01-10-2023
04:43 AM
...ate_month=upper(date_month)
| eventstats avg(active_state) as Active_UEs avg(idle_state) as Idle_UEs by date_month
| eval Active_UEs=round(Active_UEs,0), Idle_UEs=round(Idle_UEs,0)
| stats count by d...
- Tags:
- splunk
Labels
- Labels:
-
using Splunk Enterprise
