Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
326 results
Sorted by:
06-17-2013
08:56 PM
Hi, just curious how the rare command qualifies a field as rare.
- Tags:
- rare
Show results in replies (6)
-
...ocs 😉 see this one for rare: http://docs.splunk.com/Documentation/Splunk/5.0.3/SearchReference/Rare
-
Like kkolb said, it's the opposite of top - "rare" values of fields are simply the ones that a...
-
rare will look at all the values for a given field in the search results and return a list of t...
-
...oes it say a result is rare? is it the number of counts it appeared in the search? If it is the c...
-
...uriosity is the ratio by which it decides it is rare..is it 1:1000? 1:5000? etc...does it compare with the h...
-
The least common values of a field within the timeframe. Not the rarity of the field as such. Op...
09-14-2021
08:39 AM
...utomatic lookup table so it has to be replicated to the search peers. The lookup table file is static and rarely changed. My questions are: - Once the replication bundle syncs successfully, will Splunk SH t...
- Tags:
- lookup
- replication
Labels
- Labels:
-
distributed search
08-07-2014
06:08 PM
2 Karma
I'm finding some splunk commands can detecting unusual event.
For example, each event has username field, usually usernames are same or similar, but sometimes there are some unusual username. So, I...
07-11-2018
06:16 AM
Hi,
I'm trying to find least common agent useing two commands:
1) sourcetype=access_combined| rare useragent
2) sourcetype=access_combined| stats values(useragent) count by useragent | sort c...
04-19-2017
06:04 AM
Hey everyone
i have a little bit of a problem with some of my searches, as I am only rarely able to execute them. Splunk Web just keeps showing the "new search" page (in a dashboard it shows "C...
08-25-2015
05:05 AM
Hi,
I want to know if it's possible to get rare and top value on the same table search.
index=_internal |top limit=5 sourcetype
index=_internal |rare limit=5 sourcetype
thx
07-01-2021
05:53 AM
I added iplocation lookup into my CIM data model. I found there's a rare handling when I validate the result by running | from datamodel: SPL The result SPL is like following an i...
- Tags:
- datamodel
- iplocation
Labels
- Labels:
-
using Splunk Enterprise
09-09-2015
07:27 AM
...op), and other stats too.
I am also interested in other stats for each field:
Rare 10 values and their counts and percents
Values which deviate from the standard pattern
Table:
Type F...
07-24-2019
10:38 AM
I'm running -
index=<indexname> | fields
or
index=<indexname> | fieldsummary
They don't show the fields which are very rare in the content. Is there a way to see all f...
10-11-2017
10:51 PM
Hello!
I'm fairly new to Splunk, and I'm using my Minecraft server logs to chart some data. I am having a hard time charting rare values. Here is the search I'm trying:
index=minecraft action=b...
- Tags:
- splunk-enterprise
