Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
252 results
Sort by:
10-05-2023
10:38 AM
Hi, I have a alert query that uses mstats, I want this query to not throw alert during public holidays (from 9 AM to 5 PM). I have created a lookup holidays.csv with columns "Date","Description". H...
11-02-2020
05:47 PM
...ther query | mstats prestats=true avg(load.*) WHERE (`sai_metrics_indexes`) AND host=lalalala by host span=1m | timechart span=1m avg(load.longterm) AS Longterm by host which also works perfectly N...
Labels
- Labels:
-
subsearch
09-13-2023
09:11 PM
Hi there, I am trying to make a statistic graph in my dashboard using the search below. | mstats rate(vault.runtime.total_gc_pause_ns.value) as gc_pause WHERE `vault_telemetry` A...
06-28-2018
06:57 AM
Is there a way to use the improved mstats syntax introduced in 7.1 (changes described here) with metrics that have spaces in their names? I'm getting an error "Term based search is not supported" w...
10-11-2018
09:02 AM
I am not able to get the latest (or earliest) _time values using mstats.
| mstats sum(bytes) latest(_time)
where index=metrics_app_dest_survey by app_name
is returning:
07-20-2022
08:10 AM
I have a basic SPL using mstat but I can't use treills with it? Any ideas why I can't select "severity"
| mstats count("mx.process.logs") as count WHERE "index"="m...
Labels
- Labels:
-
using Splunk Enterprise
10-17-2021
09:16 PM
I'm using mstats earliest_time(metric) to find the earliest time for metric. If I use |mstats prestats=false earliest_time("http_req_duration_value") as "Start Time" where index=a...
Labels
- Labels:
-
configuration
-
metrics
03-12-2019
04:03 AM
I try to use mstats and mcatalog command
it just simply does not work, I think its Splunk settings side Im missing,
such as this:
| mstats sum(bytes) latest(_time) where index=m...
10-17-2019
08:29 AM
I know that events and metrics use different index types. Does that mean I can't create an alert (outside of metrics workspace) using an SPL search with mstats?
E.g., I am pumping collectd uptime i...
11-21-2017
04:19 PM
I know that I can combine multiple metrics using mstats as:
| mstats avg(_value) AS "Average" WHERE metric_name=metric_name* span=1m by metric_name, host
this would create a row per m...
Show results in replies (3)
-
...etric_name* : | mstats avg(_value) as metric_name1 WHERE metric_name="metric_name1" by host span=1m | join type=l...
-
Have there been any updates on methodologies for extacting multiple metrics in a single mstats c...
-
...our mstats search like this: | mstats avg(_value) AS avg_v max(_value) AS max_v min(_value) A...
