×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Findekano
Engager
Member since: ‎04-18-2014
‎06-05-2020
Community Statistics
Posts 2
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎04-18-2014
View All

Re: Filter search result to only include events th...

by in Splunk Search
‎04-19-2014 05:12 PM
‎04-19-2014 05:12 PM
Figured it out. Just use timechart directly: sourcetype=my-data | eventstats count(request-id) as requestCountByService by remoteServiceName | timechart count by remoteServiceName limit=3 ... View more

Filter search result to only include events that h...

by in Splunk Search
‎04-19-2014 04:52 PM
‎04-19-2014 04:52 PM
Hi - I am building a query as below: sourcetype=my-data | eventstats count(request-id) as requestCountByService by remoteServiceName | where requestCountByService > 5000 | timechart count by remoteServiceName The intent was only services that has more than 5000 requests in the given search time window. There are 2 problems that I want to fix: The hard coded number 5000 is not flexible. I would like to use something like top 5 to show the top 5 services that made the most requests. The query above will exclude the request made by other services that doesn't meet the where clause. I want to show them as 'OTHER` group. How should I update the search query? Thanks in advance! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM