Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
26 results
Sorted by:
01-10-2011
04:34 PM
Is there a way to limit the amount of summary events stored by sitop. I have scheduled search running every night with a sitop limit=20 (to store only the 20 top results) but the limit option does s...
- Tags:
- stats
- summary-index
05-20-2014
09:46 AM
1 Karma
...re used (sitop, sirare, sistats, sichart, sitimechart and collect) and the sourcetype is not renamed (stash) it does not count for licensing.
05-15-2010
12:17 AM
I've got a summary index query which currently matches only one (1) event in my existing data. I've run the fill_summary_index.py to backfill the data for that time period. When I attempt to fetch ...
- Tags:
- summary-index
07-05-2019
07:30 AM
...nt==1)) as conecutive_change
| fields - cnt cnt_old
| eval cnt=conecutive_change+1
| fields - conecutive_change
| eval decimal=(cnt%3)/3
| eval action=if(decimal=0,1,0)
| where action==1
| sitop d...
02-22-2013
08:25 AM
I am using the following query to load firewall data into a summary index I've created:
host="aegis1.grc.nasa.gov" | sitop policy_id
This query runs every 5 minutes and it working well.
H...
- Tags:
- summary-index
10-15-2010
08:14 PM
4 Karma
In the latest versions of Splunk, summary indexing does not deduct from the licensed indexing capacity. How does Splunk determine if data is summary data? Is it through use of the summary search co...
12-03-2013
08:33 PM
I have a query that produces 4 field values. I am looking for a way to use thae gauge command to create multiple gauges, one for each result field of the query?
- Tags:
- radialgauge
11-02-2016
02:28 PM
...’ve looked at the loadjob command but that has a limit of 25,000 events.
I've looked at the sitop command but that limits the second search to just a top . As far as I know top is limited to a...
06-03-2010
05:23 PM
...time | sitop 5 field1 by _time
What we notice is that there are two buckets created within a single day. One has a 12:00 AM value and the other has a 5:00 PM value. We just need all of the e...
02-15-2020
09:52 PM
Hi
How can I Run SPL command once and store result to access result faster next time.
for e.g. I need to analyses large logs every night and in next day access to "save search" and "dashboards" ...
