Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
24 results
Sorted by:
01-10-2011
04:34 PM
Is there a way to limit the amount of summary events stored by sitop. I have scheduled search running every night with a sitop limit=20 (to store only the 20 top results) but the limit option does s...
- Tags:
- stats
- summary-index
07-05-2019
07:30 AM
...nt==1)) as conecutive_change
| fields - cnt cnt_old
| eval cnt=conecutive_change+1
| fields - conecutive_change
| eval decimal=(cnt%3)/3
| eval action=if(decimal=0,1,0)
| where action==1
| sitop d...
02-22-2013
08:25 AM
I am using the following query to load firewall data into a summary index I've created:
host="aegis1.grc.nasa.gov" | sitop policy_id
This query runs every 5 minutes and it working well.
H...
- Tags:
- summary-index
05-15-2010
12:17 AM
I've got a summary index query which currently matches only one (1) event in my existing data. I've run the fill_summary_index.py to backfill the data for that time period. When I attempt to fetch ...
- Tags:
- summary-index
11-02-2016
02:28 PM
...’ve looked at the loadjob command but that has a limit of 25,000 events.
I've looked at the sitop command but that limits the second search to just a top . As far as I know top is limited to a...
02-15-2020
09:52 PM
Hi
How can I Run SPL command once and store result to access result faster next time.
for e.g. I need to analyses large logs every night and in next day access to "save search" and "dashboards" ...
10-15-2010
08:14 PM
4 Karma
In the latest versions of Splunk, summary indexing does not deduct from the licensed indexing capacity. How does Splunk determine if data is summary data? Is it through use of the summary search co...
12-16-2014
06:08 AM
...ith the sitop command, is there another way to calculate the top 5 clients which displays volume by clientkey and total percentage of overall volume by clientkey?
Thanks in advance for your help!!!
06-03-2010
05:23 PM
...time | sitop 5 field1 by _time
What we notice is that there are two buckets created within a single day. One has a 12:00 AM value and the other has a 5:00 PM value. We just need all of the e...
11-01-2010
03:45 PM
...uery" is a defined field in my dns eventtype") such as:
sourcetype="dns" query_type="A" query!="some.domain.x" | sitop query limit="50"
At this point though, this has made my search quite long as t...
