cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Anandkalhore
Engager
Member since: ‎04-23-2021
‎09-27-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎04-23-2021
Activity Feed
Topics I've Started
View All

Re: SPL subquery for table

by in Splunk Search
‎04-25-2021 12:01 AM
‎04-25-2021 12:01 AM
Thank you, Tscroggins. Streamstats is new for me. I tried executing query till streamstats (without where)  but value of "u" is blanks in output. I will learn more about streamstats to know where am I going wrong. Thank you so kuch for giving direction to solution. ... View more

SPL subquery for table

by in Splunk Search
‎04-24-2021 11:47 AM
‎04-24-2021 11:47 AM
Hi, Need help. I want to run a query to identify if errors are increased over 10%. Data is : Servername errorcode1 errorcode2 count Abcd.1.1.1000 Pqrs.1.2.1100 If errorcode2 value 1 txns are exceeding 10% of average count of its historical(7 days) count then show alert. I need to do this for all types of available errors in a single query. I could do it for a single error code.. but i want query for all error code at once. Index=abcd errorcode2 in (1) earliest=-1d@d latest=@d |Stats coubt as t1 by errorcode2 |Table t1 | where t1 > 【 search index=abcd errorcode2 in (1) earliest=-8d@d latest=-2d@d Bucket _time span=1d |Stats count as total by _time |Stats avg(total)as avgt |Eval chk = 1.1* avgt |Table chk | return $chk】   Kindky help me understand how can I compare complete table in where condition like we do in python pandas. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-27-2021 10:08 AM
Karma given to
View All