I want to know how to write search query in Splunk in order to check if the current search is greater than 20% of previous search. I am getting events on a particular count every 10 min. I want to check if my current count (for the last 10 min) is greater than 20% of my previous count(for the last 20 min). I need to use subsearch to make the comparison. But not getting result though. Can anyone help ?
Splunk command to check if current search is greater than x% of previous search
886 views Asked by Geethu Thomas At
1
There are 1 answers
Related Questions in SPLUNK
- Create an IIS web request activity light
- Writing/Overwriting to specific XML file from ASP.NET code behind
- What is the point of definnig Asp.net Intrinsic Objects In different places and what is the different betwen them?
- Deleting Orphans with Fluent NHibernate
- IOrderedEnumerable to vb.net IOrderedEnumerable Conversion
- Entity Framework Code First with Fluent API Concurrency `DbUpdateConcurrencyException` Not Raising
- Getting deeply embedded XML element values
- What is best way to check if any of the property of object is null or empty?
- NuGet - Given a type name or a DLL, how can I find the NuGet package?
- ASP-MVC Code-first migrations checkbox not active
Related Questions in SPLUNK-QUERY
- Create an IIS web request activity light
- Writing/Overwriting to specific XML file from ASP.NET code behind
- What is the point of definnig Asp.net Intrinsic Objects In different places and what is the different betwen them?
- Deleting Orphans with Fluent NHibernate
- IOrderedEnumerable to vb.net IOrderedEnumerable Conversion
- Entity Framework Code First with Fluent API Concurrency `DbUpdateConcurrencyException` Not Raising
- Getting deeply embedded XML element values
- What is best way to check if any of the property of object is null or empty?
- NuGet - Given a type name or a DLL, how can I find the NuGet package?
- ASP-MVC Code-first migrations checkbox not active
Related Questions in SPLUNK-FORMULA
- Create an IIS web request activity light
- Writing/Overwriting to specific XML file from ASP.NET code behind
- What is the point of definnig Asp.net Intrinsic Objects In different places and what is the different betwen them?
- Deleting Orphans with Fluent NHibernate
- IOrderedEnumerable to vb.net IOrderedEnumerable Conversion
- Entity Framework Code First with Fluent API Concurrency `DbUpdateConcurrencyException` Not Raising
- Getting deeply embedded XML element values
- What is best way to check if any of the property of object is null or empty?
- NuGet - Given a type name or a DLL, how can I find the NuGet package?
- ASP-MVC Code-first migrations checkbox not active
Related Questions in SPLUNK-CALCULATION
- Create an IIS web request activity light
- Writing/Overwriting to specific XML file from ASP.NET code behind
- What is the point of definnig Asp.net Intrinsic Objects In different places and what is the different betwen them?
- Deleting Orphans with Fluent NHibernate
- IOrderedEnumerable to vb.net IOrderedEnumerable Conversion
- Entity Framework Code First with Fluent API Concurrency `DbUpdateConcurrencyException` Not Raising
- Getting deeply embedded XML element values
- What is best way to check if any of the property of object is null or empty?
- NuGet - Given a type name or a DLL, how can I find the NuGet package?
- ASP-MVC Code-first migrations checkbox not active
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
I suggest saving the search results to a summary index. Then you can a separate search process the summary index looking for instances where the result is 120% of the previous result.
To save your search results to a summary index, add
| collect <summary>to your existing search.<summary>is the name of an existing index that will receive the search results.The search that will process the summary can use the
streamstatscommand to process events.