×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
richnavis88
Explorer
Member since: ‎09-09-2022
‎08-06-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 2
Karma Received 1
Member Since ‎09-09-2022
Activity Feed
View All

Is there a more efficient way to match multiple va...

by in Splunk Search
‎10-24-2022 10:59 AM
1 Karma
‎10-24-2022 10:59 AM
1 Karma
Hello,  I have to avoid matching several values in a fields.  The following works, but I"m wondering if there is a more efficient way...  index=wineventlog host="myhost" EventCode=7036 | regex Message!="WMI" | regex Message!="WinHTTP" ... View more
Labels

Re: How to compare average of last 30 days to last...

by in Splunk Search
‎09-10-2022 10:35 AM
‎09-10-2022 10:35 AM
eventstats doesn't support the window parameter.  I tried streamstats with window and time_window, but I can't seem to get it to report correctly ... View more

Re: How to compare average of last 30 days to last...

by in Splunk Search
‎09-10-2022 10:29 AM
‎09-10-2022 10:29 AM
eventstats doesn't support window parameter as far as I'm aware.  I've tried the streamstats parameter,  which does have a windows and start_window parameter, but can't seem to get it to provide the data I'm after ... View more

How to compare average of last 30 days to last 90 ...

by in Splunk Search
‎09-09-2022 08:52 AM
‎09-09-2022 08:52 AM
I believe there is no report Splunk cannot produce, but I'm having trouble with this one. I'd like to generate a report that compares the last 30 days average duration with last 90 days average duration and shows the increase/decrease. I am having no troubles getting the last 90 day average, but I can't figure out how to include the last 30 day average in the same query... The data I'm working with is similar to this date Job Duration 9/1/2022 Job1    33 9/1/2022 Job2   12 9/1/2022 Job3   128 9/2/2022 Job1   14 9/2/2022 Job2   99 9/2/2022 Job3   128 9/3/2022 Job1   16 9/3/2022 Job2   33 9/3/2022 Job3   22 9/4/2022 Job1  196 9/4/2022 Job2  393 9/4/2022 Job3 192 I'd like a report that looks like this.  Job          All  Days    Last 2 Days Job1        21                17 Job2       44                 35 Job3       28                 17 I can generate the ALL Days, but am not sure how to get the last 2 days.. Heres what I have. search=foo | bucket=_time span=1d | stats sum(duration) as duration by time, jobtype | stats avg(duration) as duration by jobtype Any gurus out there that can help?    ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-06-2024 11:49 PM
Karma from
View All
Karma given to
View All