Activity Feed
- Posted Re: peak day count for the day of the month and avg for the month on Splunk Search. 08-30-2021 01:08 AM
- Posted peak day count for the day of the month and avg for the month on Splunk Search. 08-29-2021 01:12 AM
- Posted Re: search language on Splunk Search. 08-29-2021 01:06 AM
- Tagged Re: search language on Splunk Search. 08-29-2021 01:06 AM
- Posted search language on Splunk Search. 08-27-2021 04:37 AM
- Posted Re: How to get a list of all hosts, which have NOT sent an event to Splunk in the last 3 days? on Getting Data In. 03-14-2019 07:35 PM
- Posted Re: How to get a list of all hosts, which have NOT sent an event to Splunk in the last 3 days? on Getting Data In. 03-14-2019 07:35 PM
- Posted Re: How to get a list of all hosts, which have NOT sent an event to Splunk in the last 3 days? on Getting Data In. 03-12-2019 06:43 PM
- Posted Re: How to get a list of all hosts, which have NOT sent an event to Splunk in the last 3 days? on Getting Data In. 03-12-2019 05:45 PM
- Posted Re: How to get a list of all hosts, which have NOT sent an event to Splunk in the last 3 days? on Getting Data In. 03-12-2019 07:12 AM
- Posted How to get a list of all hosts, which have NOT sent an event to Splunk in the last 3 days? on Getting Data In. 03-12-2019 01:35 AM
- Tagged How to get a list of all hosts, which have NOT sent an event to Splunk in the last 3 days? on Getting Data In. 03-12-2019 01:35 AM
- Tagged How to get a list of all hosts, which have NOT sent an event to Splunk in the last 3 days? on Getting Data In. 03-12-2019 01:35 AM
- Posted Re: search string query on Splunk Search. 09-27-2017 08:32 PM
- Posted Re: search string query on Splunk Search. 09-26-2017 08:34 PM
- Posted Re: search string query on Splunk Search. 09-26-2017 02:50 AM
- Posted search string query on Splunk Search. 09-25-2017 07:37 PM
- Tagged search string query on Splunk Search. 09-25-2017 07:37 PM
Topics I've Started
08-30-2021 01:08 AM
What is the query I should use?
08-29-2021 01:12 AM
Hi, I get exactly the same count for avg and peak. Is there any issue with my query?

```
index=a sourcetype=ab earliest=-30d latest=now
| bucket _time span=1mon
| stats count by _time
| eval date_month=strftime(_time, "%b")
| eval date_day=strftime(_time, "%a")
| stats avg(count) as AverageCountPerDay max(count) AS Peak_Per_Month by date_month, date_day
```

| date_month | date_day | AverageCountPerDay | Peak_Per_Month |
|---|---|---|---|
| Aug | Sun | 82037650 | 82037650 |
| Jul | Thu | 4621995 | 4621995 |
Labels: stats
08-27-2021 04:37 AM
Hi, how do I get a subtotal count for each Host and a Total for all counts, in addition to a count for each different status?

| Host | Status | Count |
|---|---|---|
| HostA | Disconnected | 1 |
| HostA | Running | 19 |
| HostA | RunningWithErrors | 2 |
| HostA | BadConnectivity | 2 |
| HostB | Disabled | 2 |
| HostB | Disconnected | 1 |
| HostB | Running | 17 |
| HostB | RunningWithErrors | 5 |
| HostC | BadConnectivity | 1 |
| HostC | Running | 7 |
| HostC | RunningWithErrors | 5 |
Labels: stats
03-14-2019 07:35 PM
Can anyone help?
03-12-2019 06:43 PM
I'm using the relevant index name and sourcetype for my env.

```
| metadata type=secevent index=sec | eval oldest=now()-lastTime | where oldest>86400*3
```
03-12-2019 05:45 PM
I searched all time but no result is displayed.
03-12-2019 07:12 AM
All the events are sent to this index and sourcetype. I don't want to compare, just look up the existing event "HOSTNAME" values and output the "HOSTNAME"s with no events for more than 3 days.

```
index=sec sourcetype="secevent"
```
03-12-2019 01:35 AM
This is a sample of the event fields; starting from EID is the data ingested from the app. How can I get, as output, the hostnames that do not have any event coming into Splunk in the last 3 days?

```
2019-03-12 08:25:57 EID="267252209", EDT="2019-03-12 08:25:57.0", RULE_NAME="RULE1", HOSTADDR="1.1.1.1", HOSTAME="SERVER1"
```
09-26-2017 08:34 PM
Hi Giuseppe, is it possible to break down the count for all the rules? Right now I'm only getting 1 rule per Name.

```
Name    Total Count
SRV1    800
  Rule1 500
  Rule2 200
  Rule3 100
SRV2    600
SRV6    700
```
09-26-2017 02:50 AM
Hi Giuseppe,
I want to know, based on my output:

```
index=data sourcetype="data1" host=HOSTA | stats count by NAME | sort -count | head 3
```

| Name | Count |
|---|---|
| SRV1 | 800 |
| SRV2 | 600 |
| SRV6 | 700 |

Is there any search string or script that will automatically take "Name" from the output, for these 3 names or potentially more, to get the top "Rule"?
09-25-2017 07:37 PM
Hi, I can use this search string to get the statistics output:

```
index=data sourcetype="data1" host=HOSTA | stats count by NAME | sort -count | head 3
```

| Name | Count |
|---|---|
| SRV1 | 800 |
| SRV2 | 600 |
| SRV6 | 700 |

The question is how I continue using a search string to query each of the output "Name" values to display a new field "RULE" under "Name".

Example:

```
index=data sourcetype="data1" host=HOSTA Name=SRV1 | stats count by RULE | sort -count
```
Tags: splunk-enterprise