

But I want the top 10 highest values of Requests for each host (such as ProdA, ProdB, ProdC and ProdD). The above query is giving me the top 10 highest Requests in common among all hosts. So, using the below query:

index=x host=prod* sourcetype=y
| timechart span=1m count(Req) as Requests, sum(Resp_Time_MS) as "Total Response Time", max(Resp_Time_MS) as "Maximum Response Time", p95(Resp_Time_MS) as "95%ile of Response Time"

I am trying to fetch the top 10 max Requests count of events with their corresponding response time. So the result is: '_time' 'Requests' 'Total Response Time' 'Maximum Response Time' '95%ile of Response Time'

The queries are from different source, sourcetype and host. The outcome I am trying to get is to join the queries and get Username, ID and the amount of logins. I tried to join with a subsearch but I couldn't. So I have 2 different source types which I can join using the DEVICE field. The Splunk subsearch max result limit is under 10500, but I need to return at least 50000 results.

I am very new to Splunk and basically been dropped in the deep end, also very new to the language, so any help and tips on the below would be great.

Then I want to show records only if some field in one record contains some value but in another record it doesn't contain that value (if there are multiple records, take the latest one). But I want to join records if and only if the time difference between them is less than 3 seconds.

Figure 4.32: Splunk script
index="cowrie" sourcetype=json | stats earliest(timestamp) as starttime, latest(timestamp) as finishtime by srcip
I join.

Subsearch limits:
- time to cache a given subsearch's results
- maximum number of seconds to run a subsearch before finalizing
- maximum number of results to return from a subsearch

... | join uripath [search earliest=-24h latest=-23h sourcetype=access_combined index=main | stats avg(response) AS AVG by uripath]
Using the join command, we.
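One way to get the top 10 Requests per host rather than across all hosts, as an added example and not a query from the thread. It keeps the field and index names the question uses (index=x, sourcetype=y, Req, Resp_Time_MS, host); those are the questioner's placeholders, not real data. Instead of timechart it bins _time by hand and runs stats with a by _time, host clause, so every per-minute aggregate is split by host; sorting by Requests and numbering rows within each host with streamstats then gives a per-host rank to filter on:

```spl
index=x host=prod* sourcetype=y
| bin _time span=1m
| stats count(Req) as Requests,
        sum(Resp_Time_MS) as "Total Response Time",
        max(Resp_Time_MS) as "Maximum Response Time",
        p95(Resp_Time_MS) as "95%ile of Response Time"
        by _time, host
| sort 0 - Requests
| streamstats count as rank by host
| where rank <= 10
| fields - rank
| sort 0 host, - Requests
```

The 0 after sort removes sort's default 10000-row cap so no host's rows are dropped before ranking; streamstats count by host restarts the counter for each host in the already-sorted stream, so rank 1 is the busiest minute of that host, and the final sort groups the output host by host. Swap host for any other split field (for example DEVICE or srcip) to get the same "top N per group" shape.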

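For the questions about joining two sourcetypes on DEVICE and hitting the subsearch result cap, here is an added example (not from the thread) that avoids join and its subsearch entirely: both sourcetypes are read in one search and correlated with stats by DEVICE, which has no subsearch row limit. The names index=x/index=y, sourcetype=A/sourcetype=B, and the assumption that sourcetype A holds the login events with Username and sourcetype B holds the ID, are placeholders for this illustration:

```spl
(index=x sourcetype=A) OR (index=y sourcetype=B)
| stats values(Username) as Username,
        values(ID) as ID,
        count(eval(sourcetype=="A")) as logins,
        min(_time) as first_seen,
        max(_time) as last_seen
        by DEVICE
| where isnotnull(Username) AND isnotnull(ID)
| where (last_seen - first_seen) <= 3
```

The first where keeps only DEVICE values seen in both sourcetypes (the equivalent of an inner join); the second is one way to express the "only when the records are within 3 seconds of each other" condition for the simple case of one event per sourcetype per DEVICE, and can be dropped when that window is not wanted. The three subsearch limits listed above are the limits.conf [subsearch] settings maxout (results, default 10000), maxtime (seconds) and ttl (cache lifetime); raising maxout is the alternative to this rewrite, but a stats-based correlation scales better than a 50000-row subsearch.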