Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
164 results
Sorted by:
10-17-2021
09:16 PM
I'm using mstats earliest_time(metric) to find the earliest time for metric. If I use |mstats prestats=false earliest_time("http_req_duration_value") as "Start Time" where index=a...
Labels
- Labels:
-
configuration
-
metrics
11-02-2020
05:47 PM
...ther query | mstats prestats=true avg(load.*) WHERE (`sai_metrics_indexes`) AND host=lalalala by host span=1m | timechart span=1m avg(load.longterm) AS Longterm by host which also works perfectly N...
Labels
- Labels:
-
subsearch
06-28-2018
06:57 AM
Is there a way to use the improved mstats syntax introduced in 7.1 (changes described here) with metrics that have spaces in their names? I'm getting an error "Term based search is not supported" w...
10-11-2018
09:02 AM
I am not able to get the latest (or earliest) _time values using mstats.
| mstats sum(bytes) latest(_time)
where index=metrics_app_dest_survey by app_name
is returning:
11-10-2021
08:10 AM
@sideview Hi Nick I am using a join with mstat, but i am hoping that i dont have to. However, i cant crack it - any help would be amazing. Below is the current SPL | mstats min("m...
- Tags:
- join
Labels
- Labels:
-
join
03-12-2019
04:03 AM
I try to use mstats and mcatalog command
it just simply does not work, I think its Splunk settings side Im missing,
such as this:
| mstats sum(bytes) latest(_time) where index=m...
03-30-2022
12:45 AM
...o be specific to some hosts. 1)
| mstats max(cpu.idle) AS "CPU_IDLE" avg(memory.free) as "MEMORY_FREE" avg(swap.used) as "SWAP_USED" WHERE `sai_metrics_indexes` earliest=-30m@m by host | eval "c...
Labels
- Labels:
-
stats
10-17-2019
08:29 AM
I know that events and metrics use different index types. Does that mean I can't create an alert (outside of metrics workspace) using an SPL search with mstats?
E.g., I am pumping collectd uptime i...
03-31-2022
05:08 AM
How to convert `_time` to the column and `host` as an index while using `mstats`? | mstats avg(_value) prestats=true WHERE metric_name="cpu.*" AND index="*" AND (host="host01.example...
01-12-2021
02:30 PM
...oin works one of the fields - "Uptime_seconds" - in the initial search generates becomes empty. My initial query is: | mstats latest(System.System_Up_Time) as Uptime_seconds latest(Processor.%_...
Labels
- Labels:
-
join
-
search job inspector
Show results in replies (3)
-
I wondered if it was related to the data from an mstats call. You could try using append with t...
-
...ppend and stats functions instead: | mstats latest(System.System_Up_Time) as Uptime_seconds l...
-
...he mstats as the subsearch and the standard search as the outer - it would be interesting to see if o...
