Activity Feed
- Posted Re: Find the max and min cpu per host on Monitoring Splunk. 05-19-2020 07:24 AM
- Posted Re: Find the max and min cpu per host on Monitoring Splunk. 05-19-2020 04:07 AM
- Posted Find the max and min cpu per host on Monitoring Splunk. 05-18-2020 07:35 PM
- Tagged Find the max and min cpu per host on Monitoring Splunk. 05-18-2020 07:35 PM
- Tagged Find the max and min cpu per host on Monitoring Splunk. 05-18-2020 07:35 PM
- Tagged Find the max and min cpu per host on Monitoring Splunk. 05-18-2020 07:35 PM
- Tagged Find the max and min cpu per host on Monitoring Splunk. 05-18-2020 07:35 PM
- Posted Re: How to identify slowest traffic on a host on Splunk Search. 08-11-2019 06:15 PM
- Posted How to identify slowest traffic on a host on Splunk Search. 08-11-2019 05:11 PM
- Tagged How to identify slowest traffic on a host on Splunk Search. 08-11-2019 05:11 PM
- Posted Avoid panels on the dashboard on Dashboards & Visualizations. 04-06-2018 07:06 AM
- Tagged Avoid panels on the dashboard on Dashboards & Visualizations. 04-06-2018 07:06 AM
- Tagged Avoid panels on the dashboard on Dashboards & Visualizations. 04-06-2018 07:06 AM
- Tagged Avoid panels on the dashboard on Dashboards & Visualizations. 04-06-2018 07:06 AM
- Tagged Avoid panels on the dashboard on Dashboards & Visualizations. 04-06-2018 07:06 AM
- Tagged Avoid panels on the dashboard on Dashboards & Visualizations. 04-06-2018 07:06 AM
- Posted Re: Avoid rows less than certain number of alerts on Splunk Search. 04-06-2018 07:04 AM
- Posted Avoid rows less than certain number of alerts on Splunk Search. 04-05-2018 07:19 PM
- Tagged Avoid rows less than certain number of alerts on Splunk Search. 04-05-2018 07:19 PM
- Tagged Avoid rows less than certain number of alerts on Splunk Search. 04-05-2018 07:19 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
05-19-2020
07:24 AM
I changed the question a bit.
... | stats count by host
output
H1 200
H2 340
H3 400
H4 250
The count of each host is different. How would you eval min_value and max_value of these host counts?
... View more
05-19-2020
04:07 AM
mmm.. It didn't do it. Let me ask the question in different way. Lets forget about CPU. Lets say each host is giving you count of sessions or count of traffic.
index=app | stats count by host
result based on 4 host
How would you find max count out of 4 host
... View more
05-18-2020
07:35 PM
I have four hosts. H1, H2, H3, H4
each host have cpu_load
I want to find min cpu_load and max cpu_load. Find the min/max out of all host. In My scenario out of 4 host, find the min/max.
| stats min(host of cpu_load) as Min, max(host of cpu_load) | eval diff=max-min | alert based on diff
Any help is appreciated. Thank you
... View more
Labels
08-11-2019
06:15 PM
My search query only good if I am inspecting the graph. I don't think its good enough to alert. My thought process is.. I want to compare the server whose take most traffic and the server who takes lesser traffic.. then alert of the base of that.
s1 = 100
s2 = 109
s3 = 100
s4 = 110
S5 = 23
In this case.. I want an alert because S5 is taking very less traffic compare to S4 (Max traffic).
... View more
08-11-2019
05:11 PM
I have 10 servers for my X applications. Sometime 1 or 2 servers will start to take 10% (or < 25%) where other 8 servers are taking normal traffic. How can I set up an alert in such scenario.
application=X host=websphere* source=X_performance.log "New Session logged in" | timechart span=1m count by host
I can identify 1 or 2 servers take low traffic. Not too sure how can I set this into alert.
Thanks,
... View more
- Tags:
- splunk-enterprise
04-06-2018
07:06 AM
I am creating a dashboard with 20 panels. I am sending these reports as PDF delivery. More than half of the panels have 0 results, is it anyway I can avoid 0 result panels in the report.
Really appreciate the help.
Thanks,
... View more
04-05-2018
07:19 PM
basic search | timechart span = 5m count by host | where count > 3
for today
10% of the time,the count is greater than 3. I only want those rows to display.
Please and thank you.
... View more
- Tags:
- row
- rows
- search-time
01-28-2018
05:50 PM
Thank you. Yours is good.
... View more
01-27-2018
08:36 PM
I thought about doing two reports. Thanks,
... View more
01-26-2018
04:13 PM
host=somehost sourcetype=somesource earliest=@d+9h latest=now| timechart span=15m dc(UserId)
| appendcols [search host=somehost sourcetype=somesource earliest=-d@d+9h latest=now-d@d| timechart span=15m dc(UserId)]
I know I got the syntax wrong here => latest=now-d@d
My report is running every 15min Mon-Fri. */15 * * * 1-5
I want to display today's values vs Yesterdays value. If Today is Monday, then Yesterday should be Friday for any other days Today should be comparing with previous days. Since Today is Monday, yesterday is weekend. I only want weekdays. I seen similar example but not what I am looking for.
Since I am using now as latest - some time I am getting my 15min reports in two line. Is there anyway we can make sure we only one one line of answer.
Thanks in advance.
... View more
- Tags:
- splunk-enterprise
01-18-2018
06:19 PM
I want to read specific string between 9:15-9:45, each day for last 7 days.
host=manana string | stats dc(count)
Thanks,
... View more
- Tags:
- splunk-cloud
