About bevan_broun_sit

bevan_broun_sit · ‎01-10-2023

Hi BTW this is not about not about license consumption. Its about alerting when something changes its expected logging pattern.

bevan_broun_sit · ‎12-21-2022

Thanks Giuseppe This is what I got going for myself in test mode my event indexes have _e_ in them, metrics have _m_ in them and summary has .. earliest=-11m@m latest=-1m@m index=*_e_* OR index=*_m_* NOT index=*summary* | eval logsize=len(_raw) | stats sum(logsize) as log_bytes count as log_count by host sourcetype | eval log_count.{host}.{sourcetype} = log_count | eval log_bytes.{host}.{sourcetype} = log_bytes | fields - log_count log_bytes host sourcetype | stats values(*) as * | addinfo | mcollect index=log_volume_stats_summary_test split=allnums

bevan_broun_sit · ‎12-18-2022

HI I was about to create a summary index for log sizes/counts by host and by sourcetype. I require this for alerting when log volumes change. I can create the indexes/searches but I thought that this might be a common thing - does anyone know of an app/addon that does this already? Thanks Bevan

bevan_broun_sit · ‎07-11-2019

Hi We upgraded splunk from 6.6 to 7.2.6 and the machine learning toolkit to 4.3 In older version of MLTK I had a tab to load settings for an existing model, I could then modify and update. I cant see how to do this in new version. Under "models" I can see my models but can edit; under the new assistant there is no tab for loading existing settings. How do we update an existing model? I cant even find the search string I use to create the data for the model. Thanks

Posts	4
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎07-11-2019

Online Status	Offline
Date Last Visited	‎03-19-2023 09:07 PM

Is there an app/addon that summarizes index of log...

MLTK: after upgrade load existing model

Re: summary index of log volumes - by host/by sour...

Re: Is there an app/addon that summarizes index of...

Is there an app/addon that summarizes index of log...

MLTK: after upgrade load existing model