Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
71 results
Sorted by:
09-08-2019
09:00 PM
...sesummaryindexing
If that is collect, I have no idea how to aggregate the maximum value in summary index data.
The summary index data are created by the following search.
"index=_internal | sitimechart span=1m c...
01-16-2020
07:13 AM
When using index=blah | sitimechart dc(field1) by field2 It saves every single element for field1 concatenated into a new field called psrsvd_vm_field1. For me this makes for an insanely i...
06-16-2018
04:25 AM
1 Karma
...pu_load_percent) by host
It looks like this:
When I try to use summary indexing to save this search as a report using sitimechart, the results are completely different:
index=p...
Show results in replies (4)
-
The si commands - sitimechart , sitop , sistats etc all save data in what is basically a s...
-
...'m looking to timechart. That value is not present in the sitimechart statistic results: t...
-
...erfmon host="UW2*" | sitimechart span=1h avg(cpu_load_percent) by host ^ to create summary i...
-
...ikely you are misusing the sitimechart command, and/or have not made your summary generation search c...
07-02-2013
01:43 PM
6 Karma
Short general question. It seems that they are just the summary index version of the normal commands. Are there any additional differences or anything else I should know about? The docs page was a li...
06-16-2014
11:30 PM
Hi,
i'm using splunk 6.1.1
I made this si- search and scheduled it to run "every hour" at period -1h@m to "now"
..
| where isnotnull(HAS_ERROR_TYPE)
| dedup SID1
| sitimechart span=1h c...
04-21-2019
10:43 AM
I don't understand why nothing is in the summary index. How can something return rows via sitimechart , but not put those rows in summary?
Here's a log sample:
04-21-2019 11:00:14.786 -0600 I...
09-09-2013
01:32 PM
...he summary index using sitimechart.
01-07-2014
08:40 AM
...er_index_thruput series = indexA | sitimechart span=1d sum(kb) by series
cron_schedule = 15 * * * *
action.summary_index = 1
enableSched = 1
dispatch.earliest_time = -1h@h
dispatch.latest_time = now@h
a...
05-02-2013
07:42 AM
I'm creating a summary report based on a timechart that counts the number of eventcounts for a certain transaction.
index=xpto | transaction maxspan=2m maxpause=30s fields=correlation | sitimechart...
10-30-2013
11:35 AM
...ike to be able to create a timechart showing me counts per sourcetype over time (or index, or host, etc.). Is this doable given how the data is being stored above, especially since I'm not using sitimechart...
