cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
EPitch
Observer
Member since: ‎02-09-2024
‎02-12-2024
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎02-09-2024
Activity Feed
Topics I've Started
View All

Re: Limiting Matching Events

by in Splunk Search
‎02-12-2024 06:39 AM
‎02-12-2024 06:39 AM
Hi @bowesmana, So I actually need it do be limited a certain number per distinct name/ip/id combinations, because there are some combinations have rarer matching events compared to others and I did not want to search through millions of events for one combo before getting any hits on another, Thank you! ... View more

Limiting Matching Events

by in Splunk Search
‎02-09-2024 10:43 PM
‎02-09-2024 10:43 PM
Hi Everyone,  I am looking for a little advice, I am currently searching splunk against multiple sets of variables to see if there are any events in the past 90 days, however I am running into an issue with there being too many events that my search is parsing through. I dont need to see the total number of events that matched, only need to see if there were at least 10 events that matched. Since there are 100+ sets of variables to check, doing it by hand one at a time seems tedious and lengthy. Would you be able to help me limit the events parsed so that it stops checking a set once it reaches a predetermined amount? Here is an example of my search:  index=blah sourcetype=blah (name=Name1 ip=IP1 id=id1) OR (name=Name2 ip=IP2 id=id2) OR (name=Name3 ip=IP3 id=id3) OR .... (name=Name105 ip=IP105 id=id105) | stats count by name, ip, id Any and all help would be appreciated ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-12-2024 11:11 AM