Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
10,000 results
Sorted by:
3 weeks ago
Hi, I have a data source that lists phone calls. Each call record will list a set of values, in defined fields The key information I’m interesting in, is a field called Phone_Number And a field c...
Labels
- Labels:
-
stats
4 weeks ago
I have simple search: index=xyz logLevel IN (ERROR, INFO) How do I plot two different color in a timespan chart? See attached sample timespan chart. Ideally, I want to show red fo...
01-25-2021
02:28 AM
...f(isNull(enddatetime), "RUNNING", enddatetime)
| eval Statustext = "From ".startdatetime. " To ".enddatetime." on ".extracted_host
| stats latest(rstatus) AS "Status" latest(Statustext) as Statustext b...
Labels
- Labels:
-
index
-
universal forwarder
Show results in replies (6)
-
Hi @hazemfarajallah, it works because you have bothe the timestamps (stats and end) in the s...
-
Hi @hazemfarajallah, you need the stats command to group your events, using table, you d...
-
Thanks, | dedup sessionnumber | stats latest(startdatetime) AS startdatetime l...
-
...he stats command you have only one numeric value: "Status". Maybe the difference between "s...
-
...bsp; and i do believe i have a grouping issue Here i removed the table and back to stats i c...
-
Hi @hazemfarajallah, image isn't available, but I have the information I need: the format of ...
02-03-2021
02:59 AM
...orkstations Index index=workstations sourcetype=machines
This has the following fields
pc_id
pc_type
user_name I can then do a stats instead of join on this data using user_name as the "j...
02-25-2019
02:52 AM
Hi, I wonder whether someone can help me please.
I'm using number the following as part of a query to extract data from a summary Index
| stats count(eval(repayments_submit="1")) as r...
01-17-2018
02:53 AM
1 Karma
I can't comprehend what 'eventstats' is. I went thru the splunk docs. I wanna use math functions like avg.. etc.. not sure whether to use stats avg or eventstats avg !! An example would be a...
- Tags:
- splunk-enterprise
Labels
- Labels:
-
stats
12-07-2020
03:58 PM
Hi Everyone, I'm newer-ish to splunk. I'm doing a search similar to this in splunk : index=mfa sourcetype=lexus Subcategory="Delivery Method". With the search results, I want to do stats c...
Show results in replies (5)
-
...ecurity|User selected) (?<mode>\w+) (delivery|questions)" | stats count by mode OR this using an e...
-
...orking. I can do stats count by action? or something else to get the count?
-
...ethod" | rex field=action "User selected (?<mode>\w+) delivery" | stats count by mode The r...
-
...hen just | stats count. Or maybe I still don't understand what you want. If not, perhaps you can b...
-
...ethod. There are these 3 actions, that I'm trying to get "stats" on. Counts on. To search and t...
06-07-2019
10:13 AM
Good afternoon
I have a stats count query leading to a single number dashboard. I was wondering if it is possible to make that dashboard interactive to click on then showing another query to show t...
05-08-2020
03:55 PM
...pecific activity. I then use stats to sum the time each associate works:
stats sum(hoursWorked) by Associate
but I want to use bins to create a bell curve to show the "normal" distribution of e...
01-16-2019
11:23 AM
...ogin.php" OR uri="/*admin/" OR uri="*user\/login" uri!="*revslider*" action!=blocked
| stats count by src uri
| sort -count
| stats list(uri) as URI, list(count) as count, sum(count) as Total by src
| s...
