Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
3,000 results
Sorted by:
01-24-2023
11:01 AM
...an I display the number of failures, plus earliest(_time) and latest(_time) by src_ip
I've tried using streamstats like below, but do not get what I'm looking for
index=myIndex AND status=* | t...
Labels
- Labels:
-
stats
08-08-2017
08:08 AM
I want a cumulative count of a field that has multiple values. Somehow this isn't working:
base search| streamstats count(State) as dur time_window=1w| timechart sum(dur) by State span=1w
Show results in replies (5)
-
...y State | streamstats sum(*) as *
-
How about this? base search| timechart count by State span=1w | streamstats sum(*) as *
-
...plit into weeks instead of months: base search| timechart count by State span=1w | streamstats s...
-
...plit into weeks instead of months: base search| timechart count by State span=1w | streamstats s...
-
...nswer, thanks 🙂 you might need to sort your events before your streamstats since you're doing a...
08-25-2021
05:59 PM
I'm going to check the permission and rejection of the scan attack per hour. At this point, what I wrote... Which is appropriate, Vlaues or the list?
Also, which one is suitable, stats or stream st...
- Tags:
- stats
- streamstats
Labels
- Labels:
-
stats
a month ago
Hi,
We have applications Availability data in splunk. With below SPL, I got this data.
Base_SPL..| streamstats reset_on_change=true count as Real_Status by status,JonName
The challenge is t...
Labels
- Labels:
-
other
Show results in replies (7)
-
...ike this | streamstats reset_on_change=true count as Real_Status by status,JobName | reverse | streamstats...
-
...tatus | streamstats window=2 count as Real_Status BY status JobName | where status="FAIL" AND R...
-
This solution is missing the 1st event of the consecutive events, as highlighted. &nbs...
-
We are still missing the first event in the series of consecutive failures.
-
...olution, something like this should work... | streamstats reset_on_change=true count as Real_Status by s...
-
I see what I did wrong. I've fixed my answer.
-
Add another streamstats to find the maximum value of Real_Status and then filter out events with a...
01-03-2019
07:34 AM
...F27461'
where TOMMYLE is the user and 'HttpSession created/destroyed' indicates when he logs in and gets logged out from the app. I could use some help probably with streamstats or something similar w...
- Tags:
- splunk-enterprise
03-26-2018
10:36 AM
1 Karma
...00
8/15/15 08:00:00|plums|200|-2
8/15/15 08:00:00|peaches|275|+80
Pretty sure I need to use streamstats and delta but can't get the combo right.
09-03-2012
02:52 AM
Hi,
I'm using streamstats to calculate the median for a field and timechart to see the count of events where the field has a value less than a median.
... | streamstats median(bytes) as meby|e...
- Tags:
- median
- streamstats
10-25-2019
08:52 AM
I have a query using streamstats that is on the intensive side because I'm not dealing with nicely-formatted data. (Legacy code FTW)
To help with performance, I added the fields command to e...
Show results in replies (4)
-
...oobar=foo+" "+bar | streamstats current=false window=5 global=false last(field_of_interest) as p...
-
Accepting this answer. There is no apparent conflict between fields and streamstats after r...
-
OK, frustrated.. I went back to the exact query that I thought I was running last week, and streamstats...
-
...earch results did not contain more than 1 event per value of foobar (my BY clause). Obviously streamstats...
05-31-2020
10:42 PM
...bc On
Here I want to calculate "Number of Times State Went from On to Off" and "Number of Times State Went from Off to On" using streamstats command. In above case results will be-
source|d...
Labels
- Labels:
-
count
01-15-2013
07:15 PM
Hi,
a question about streamstats as described here:
http://docs.splunk.com/Documentation/Splunk/5.0.1/SearchReference/Streamstats
It works out like described, but my query requires me to look a...
