×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
shubham1234
New Member
Member since: ‎07-06-2019
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-06-2019
Activity Feed
View All

Re: How to get the difference in count of users an...

by in Splunk Enterprise Security
‎10-05-2019 12:07 PM
‎10-05-2019 12:07 PM
Thanks a lot 🙂 ... View more

Re: i want a splunk query for alert , if a event t...

by in Alerting
‎07-08-2019 06:41 PM
‎07-08-2019 06:41 PM
You can do something like this: | tstats avg(_indextime) AS avg_indextime max(_indextime) AS max_indextime WHERE index=* BY sourcetype host _time | stats avg(avg_indextime) AS avg_indextime max(max_indextime) AS max_indextime BY sourcetype host | where ((avg_indextime > 30*60) OR (max_indextime > 30*60)) ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM