I want to know how to write search query in Splunk in order to check if the current search is greater than 20% of previous search. I am getting events on a particular count every 10 min. I want to check if my current count (for the last 10 min) is greater than 20% of my previous count(for the last 20 min). I need to use subsearch to make the comparison. But not getting result though. Can anyone help ?
Splunk command to check if current search is greater than x% of previous search
835 views Asked by Geethu Thomas At
1
There are 1 answers
Related Questions in SPLUNK
- Getting Value from Object with Characters in Element Name
- Java: set and get methods for strings
- Angular populate select with object of objects
- Is it possible to have a command last only while the object is moving?
- Converting an unknown to an array in PHP
- Can anyone explain why this snippet of code is working in the constructor only?
- How to initialize an object with an array parameter in Java
- How can I assign initial data to some variables in literal object before use
- Check if a private function exists inside an object in JavaScript
- java.lang.ArrayIndexOutOfBoundsException object array
Related Questions in SPLUNK-QUERY
- Getting Value from Object with Characters in Element Name
- Java: set and get methods for strings
- Angular populate select with object of objects
- Is it possible to have a command last only while the object is moving?
- Converting an unknown to an array in PHP
- Can anyone explain why this snippet of code is working in the constructor only?
- How to initialize an object with an array parameter in Java
- How can I assign initial data to some variables in literal object before use
- Check if a private function exists inside an object in JavaScript
- java.lang.ArrayIndexOutOfBoundsException object array
Related Questions in SPLUNK-FORMULA
- Getting Value from Object with Characters in Element Name
- Java: set and get methods for strings
- Angular populate select with object of objects
- Is it possible to have a command last only while the object is moving?
- Converting an unknown to an array in PHP
- Can anyone explain why this snippet of code is working in the constructor only?
- How to initialize an object with an array parameter in Java
- How can I assign initial data to some variables in literal object before use
- Check if a private function exists inside an object in JavaScript
- java.lang.ArrayIndexOutOfBoundsException object array
Related Questions in SPLUNK-CALCULATION
- Getting Value from Object with Characters in Element Name
- Java: set and get methods for strings
- Angular populate select with object of objects
- Is it possible to have a command last only while the object is moving?
- Converting an unknown to an array in PHP
- Can anyone explain why this snippet of code is working in the constructor only?
- How to initialize an object with an array parameter in Java
- How can I assign initial data to some variables in literal object before use
- Check if a private function exists inside an object in JavaScript
- java.lang.ArrayIndexOutOfBoundsException object array
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
I suggest saving the search results to a summary index. Then you can a separate search process the summary index looking for instances where the result is 120% of the previous result.
To save your search results to a summary index, add
| collect <summary>to your existing search.<summary>is the name of an existing index that will receive the search results.The search that will process the summary can use the
streamstatscommand to process events.