×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
andrew_m_streic
New Member
Member since: ‎10-19-2018
‎09-27-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-19-2018
Topics I've Started
No posts to display.
View All

Re: SPL

by SplunkTrust in Dashboards & Visualizations
‎09-27-2021 12:44 PM
‎09-27-2021 12:44 PM
I think the easiest way (I'm not sure that it's the most effective one though) to obtain stats from various point in time is to add an incremental stats value using streamstats and then just filter out three points in time. Something like: <<your_search>> | streamstats dc(Incident_Number) as "incident Count" by APP_DETAILS Then you can do | timechart span=30d latest("incident Count") by APP_DETAILS Ths should be the easiest one because you don't need to use three different searches to calculate three distinct sets of values and then append them together (it's append, not join which you would want anyway).   ... View more

Re: Why use data models instead of just having rep...

by in Knowledge Management
‎09-27-2021 09:57 AM
‎09-27-2021 09:57 AM
Data models are great for several things. The main thing is normalization of data. You can bring in different types of logs with different fields and search them using a set normalized field. For example. 3 different firewall might call the source ip differently. It might be called src_ip, client_ip, source_address. Using a data model you can search this using one standard name src. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-27-2021 01:17 PM