...escriptions and examples, see "Functions for stats, chart,
and timechart".
But when I run the per_minute(), per_second() functions with the stats and streamstats commands,
it doesn't work. Why?
any i...
...plunk docs for streamstats say that the window will take into account the "by" field:
See here under "More examples"
http://docs.splunk.com/Documentation/Splunk/6.0.1/SearchReference/Streamstats...
...ap to the same variable in multiple sections of the subsearch, one of which is specifically in the by section of a tstats. The examples below are proofs-of-concept to illustrate the problem. I've t...
...evices with the new software AND it is clear to see that it doesn't depend primarily on how many events were registered.
I just tried streamstats like mentioned in the first comment (that was m...
Hi all,
I am trying to group events using transaction. Since there are multiple endswith conditions, I tried the following to match either one of the 3 string patterns but was unable to match:
... | trans...
The scenario is like this: I want to pick up the 5% minimum values from thousands of data. Example: 1,2,3,4,5,6,7,8,9,10. I want to pick up the minimum 30%, i.e. (1,2,3) will b...
...earch..........| use rex command to create the field for the weight | stats count by weight | where count>10
But I don't know how I can confirm that those events happen within 10 m...
...ere is the query:
source="***" index="***" (Tag="$tag$")
| streamstats latest(_time) as latest_time by Tag | where _time=latest_time
| eval ValueLatestEvent=round(((Value*100)/$v...
I'm trying to use makeresults to test an alert but it doesn't work because "number of events" is always 0, but I thought the point of makeresults is to always make events?