Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
20,000 results
Sorted by:
03-30-2021
05:57 PM
Hi, I have a data source that lists phone calls. Each call record will list a set of values, in defined fields The key information I’m interesting in, is a field called Phone_Number And a field c...
Labels
- Labels:
-
stats
03-22-2021
09:09 PM
I have simple search: index=xyz logLevel IN (ERROR, INFO) How do I plot two different color in a timespan chart? See attached sample timespan chart. Ideally, I want to show red fo...
02-28-2022
06:30 AM
Hey there,
I have a field let's say "abc" with values as such : 1,3,5,7,5,3,2,1,5,7,8,5,1,1,2,2,3,2,1,1,2,3,2,3
here what I am trying to look here is first do a stats count by abc | where c...
02-25-2019
02:52 AM
Hi, I wonder whether someone can help me please.
I'm using number the following as part of a query to extract data from a summary Index
| stats count(eval(repayments_submit="1")) as r...
04-13-2022
06:11 AM
...tems_RG
But it is not showing Total in the output, but when I use stats instead, I don't get the time column to show the graph as timechart.
&n...
01-17-2018
02:53 AM
1 Karma
I can't comprehend what 'eventstats' is. I went thru the splunk docs. I wanna use math functions like avg.. etc.. not sure whether to use stats avg or eventstats avg !! An example would be a...
- Tags:
- splunk-enterprise
Labels
- Labels:
-
stats
06-16-2021
03:06 AM
...ndex_windows` EventCode=4688
| fields Process_Command_Line, New_Process_Name
| stats count(Process_Command_Line) as totalCount by New_Process_Name, Process_Command_Line
| eventstats sum(totalCount) as _...
08-25-2021
05:59 PM
I'm going to check the permission and rejection of the scan attack per hour. At this point, what I wrote... Which is appropriate, Vlaues or the list?
Also, which one is suitable, stats or stream stats...
- Tags:
- stats
- streamstats
Labels
- Labels:
-
stats
Show results in replies (4)
-
index="firewall" (action="allow" OR action="deny" ) AND ( attack="*scan") | bin _time span=1h | stats...
-
instead of values(count) in second stats try sum(count)
-
@nnonm111 stats should work for your case changed span to 1h. index="firewall" (a...
-
index="firewall" (action="allow" OR action="deny" ) AND ( attack="*scan") | bin _time span=1h | stats...
04-15-2014
08:05 AM
2 Karma
...f and stats sum, and 2) stats if count.
How can I make these methods work, if possible? I want to understand the functions in this context. Also, is there a better way?
Here is my eval a...
Show results in replies (4)
-
...t; 8), 1, 0) | stats sum(bool) as count or base search | stats count(eval((field1 != field2) A...
-
...he first method like this?: base search | eval bool = (field1 != field2) AND (field3 < 8) | stats...
-
...rom building the report. If you have multiple such conditions the stats in way 2 would become i...
-
...99 Erros"), 1, 0) | stats sum(ok) as ok sum(nok) as nok by hhost | addtotals | eval p_ok=ok/Total*1...
2 weeks ago
hello I stats events after 2 eventstats command like this | eventstats sum(netp) as "netp1" by site
| eventstats sum(netp) as "netp2" by site user
| stats last(netp1) as "n...
Labels
- Labels:
-
other
Show results in replies (8)
-
yes but its just because I have modified the code for the example and I have mistaken... so in my ...
-
...ventstats sum(netp) as "netp2" by site user | eventstats sum(netp) as "netp" by site | stats last(netp) a...
-
Please update your question so that it represents your actual issue
-
it's done
-
...etp) as "netp2" by site user | stats last(netp1) as "netp1", last("netp2") as "netp2" by site user
-
...ifferent because in the bar chart for ntp2 there is just one user so there is a problem in the way of stats...
-
...hat do you get if you add this to the search | stats count by site
-
Correct - the red bar represents the count for the site, and the blue bar represents the count for ...
