×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
mpace
New Member
Member since: ‎01-13-2016
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-13-2016
Activity Feed
View All

Re: How can I write a search to find lost connecti...

by in Splunk Search
‎01-14-2016 07:43 AM
‎01-14-2016 07:43 AM
I am still getting no results even when I unplug the device for test. ... View more

Re: How can I write a search to find lost connecti...

by in Splunk Search
‎01-13-2016 12:34 PM
‎01-13-2016 12:34 PM
Do I need to index=main sourcetype=generic_single_line host="ip" | where (_time-time()) > 10. Is the integer <10> in the units of seconds or milliseconds, or do I need to specify the integer as units of seconds <10s>. As of right now I do not receive results by changing time to 1 or .1 thanks ... View more

How can I write a search to find lost connections ...

by in Splunk Search
‎01-13-2016 05:45 AM
‎01-13-2016 05:45 AM
Greetings, I am using a syslog setup for my data source. I am trying to create a way to search for lost connection by comparing last event received to the time now. I have events that come in about every 1-2 secs, I need a way where I can run a real-time search for any time an event is greater than, Ex: 10 secs, and notify me when that happens. I am stuck on the syntax portion of writing this expression. I have tried host="ip" compare=latest=-10s < timenow=now() but I am pretty sure I have the syntax wrong. Thanks Mac ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM