Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
63 results
Sorted by:
09-08-2019
09:00 PM
...sesummaryindexing
If that is collect, I have no idea how to aggregate the maximum value in summary index data.
The summary index data are created by the following search.
"index=_internal | sitimechart span=1m c...
01-16-2020
07:13 AM
When using index=blah | sitimechart dc(field1) by field2 It saves every single element for field1 concatenated into a new field called psrsvd_vm_field1. For me this makes for an insanely i...
06-16-2018
04:25 AM
1 Karma
...pu_load_percent) by host
It looks like this:
When I try to use summary indexing to save this search as a report using sitimechart, the results are completely different:
index=p...
Show results in replies (4)
-
The si commands - sitimechart , sitop , sistats etc all save data in what is basically a s...
-
...'m looking to timechart. That value is not present in the sitimechart statistic results: t...
-
...erfmon host="UW2*" | sitimechart span=1h avg(cpu_load_percent) by host ^ to create summary i...
-
...ikely you are misusing the sitimechart command, and/or have not made your summary generation search c...
07-02-2013
01:43 PM
6 Karma
Short general question. It seems that they are just the summary index version of the normal commands. Are there any additional differences or anything else I should know about? The docs page was a li...
04-21-2019
10:43 AM
I don't understand why nothing is in the summary index. How can something return rows via sitimechart , but not put those rows in summary?
Here's a log sample:
04-21-2019 11:00:14.786 -0600 I...
09-09-2013
01:32 PM
...he summary index using sitimechart.
01-07-2014
08:40 AM
...er_index_thruput series = indexA | sitimechart span=1d sum(kb) by series
cron_schedule = 15 * * * *
action.summary_index = 1
enableSched = 1
dispatch.earliest_time = -1h@h
dispatch.latest_time = now@h
a...
05-02-2013
07:42 AM
I'm creating a summary report based on a timechart that counts the number of eventcounts for a certain transaction.
index=xpto | transaction maxspan=2m maxpause=30s fields=correlation | sitimechart...
10-30-2013
11:35 AM
...ike to be able to create a timechart showing me counts per sourcetype over time (or index, or host, etc.). Is this doable given how the data is being stored above, especially since I'm not using sitimechart...
08-16-2016
04:01 AM
Hi,
I need a top count of the total number of events by sourcetype to be written in tstats(or something as fast) with timechart put into a summary index, and then report on that SI. Using sitimechart...
