×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
splunkinsfs
Explorer
Member since: ‎12-11-2017
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎12-11-2017
Activity Feed
View All

Re: count something with a specifc rule and time

by in Splunk Search
‎12-12-2017 07:54 AM
1 Karma
‎12-12-2017 07:54 AM
1 Karma
Thanks for the suggestion. Your query seems to be working . I'll do additional stats count to make the final result looks good. ... View more

Re: count something with a specifc rule and time

by in Splunk Search
‎12-11-2017 08:25 PM
‎12-11-2017 08:25 PM
Thanks for the quick suggestion. The result of your query did bring up the result that I need. Again, I was looking for 1. Count if same weight happens over 10 times 2. Count among from those events found from #1 if they are happened within 10 minutes based on the event time. ... View more

count something with a specifc rule and time

by in Splunk Search
‎12-11-2017 06:37 PM
‎12-11-2017 06:37 PM
Hi, I have many lines of event like these two: 2017 12 07 21:32:23.669 | 20,3329788638103|CT02053,15.96x11.81x6.15,211 lbs 2017 12 07 21:29:26.648 | 19,42233978863257|CT02010,16.26x15.43x16.75,4441 lbs Each event starts with a time, then a bunch of random number and code, and ends with the weight in "lbs"(the weight is the number before the "lbs"). I need to accomplish two goals: 1. Count if same weight happens over in 10 events 2. Count those events found from #1 if they are happened within 10 minutes based on their time stamps. I use this query to achieve goal #1. Base search..........| use rex command to create the field for the weight | stats count by weight | where count>10 But I don't know how I can confirm the time of those events are happens within 10 minutes? I tried to add "transaction weight maxspan=10m" at the end of the query but it didn't work. Any idea? Thanks. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All