×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
markgize
Engager
Member since: ‎09-26-2014
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-26-2014
View All

Re: How to define a time range, filter and then ap...

by in Getting Data In
‎09-29-2014 09:06 AM
‎09-29-2014 09:06 AM
For future reference, the problem I was trying to solve is the pairing up of events that are separated by a matter of minutes. I can't use a fixed time range for this as it could split a valid pair. Therefore, I wanted to define a broad time range and then filter out non-pairs within this range. ... View more

Re: How to define a time range, filter and then ap...

by in Getting Data In
‎09-29-2014 09:02 AM
‎09-29-2014 09:02 AM
Thanks Martin you made a number of useful points: eventstats to retain columns count as the shorthand for count(_raw) relative_time The main problem I faced with my efforts was the use of stats which, as you say, meant that _time was no longer available. I am now up and running. ... View more

How to define a time range, filter and then apply ...

by in Getting Data In
‎09-26-2014 05:29 PM
‎09-26-2014 05:29 PM
I need to define an outer time range, simple: earliest=-3h I then want to filter the results, also simple: earliest=-3h | stats count(_raw) as count by stuff | where count%2=1 But now the part I am struggling with. I want to define a time range that is even more restrictive: earliest=-3h | stats count(_raw) as count by stuff | where count%2=1 | earliest=-2h This syntax is invalid but hopefully describes what I am trying to achieve. I must have the outer time range, filter and then apply a further time range, is this possible? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All