Fortytwo - Answer to the Ultimate Question of Life, the Universe, and Everything

User Tools

Site Tools

Trace: retrieve-windows-key-from-registry elasticsearch fix-twrp-boot-loop create-custom-debian-live-usb-stick-stretch
splunk-queries

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
splunk-queries [2024/10/15 05:24] baumisplunk-queries [2024/10/15 05:26] (current) baumi
Line 4: Line 4:
 ==== List Indexes ==== ==== List Indexes ====
 <code> <code>
-| eventcount summarize=false index=* | dedup index | fields index+| eventcount summarize=false index=*  
 +| dedup index  
 +| fields index
 </code> </code>
 ==== Count Events per Index ==== ==== Count Events per Index ====
Line 17: Line 19:
 ==== Events per Host / Index / Sourcetype ==== ==== Events per Host / Index / Sourcetype ====
 <code> <code>
-| tstats count as EVENTS_PER_HOST where index=* by index,sourcetype,host | table * | sort by index+| tstats count as EVENTS_PER_HOST where index=* by index,sourcetype,host  
 +| table *  
 +| sort by index
 </code> </code>
  
Line 29: Line 33:
 <code> <code>
 index=_internal sourcetype=splunkd source=*license_usage.log type=Usage  index=_internal sourcetype=splunkd source=*license_usage.log type=Usage 
-     | timechart span=1d sum(b) as usage by idx limit=0 | foreach * [ eval "<<FIELD>>"=round('<<FIELD>>'/1024/1024,3)]+| timechart span=1d sum(b) as usage by idx limit=0  
 +| foreach * [ eval "<<FIELD>>"=round('<<FIELD>>'/1024/1024,3)]
 </code> </code>
  
splunk-queries.1728962685.txt.gz · Last modified: 2024/10/15 05:24 by baumi
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki