Solved: every 5min for the last 15min

LauraBre · ‎07-30-2012

Hello,

I have this following search:

source="Laura_ACS" earliest=-15m latest=now| eventstats count as "totalVE"| eventstats count(eval(STAT_VE="N")) as "totalVENO"|eval percent=(totalVENO/totalVE)*100 | stats values(totalVENO) AS COMPTEUR, values(percent) AS TAUX|search TAUX=100

I want to calculate this search every 5min for the last 15min. How can I do it?

Thx by advance,

Laura

LauraBre · ‎07-30-2012

I resolve my problem: this my actually search:

source="Laura_ACS" earliest=-15m latest=now| bucket _time span=5m | eventstats count as "totalVE" by _time| eventstats count(eval(SD_STAT_PA="N")) as "totalVENO" by _time|eval percent=(totalVENO/totalVE)*100  |stats values(totalVENO) AS COMPTEUR, values(percent) AS TAUX by _time |search TAUX=100

View solution in original post

LauraBre · ‎07-30-2012

I resolve my problem: this my actually search:

source="Laura_ACS" earliest=-15m latest=now| bucket _time span=5m | eventstats count as "totalVE" by _time| eventstats count(eval(SD_STAT_PA="N")) as "totalVENO" by _time|eval percent=(totalVENO/totalVE)*100  |stats values(totalVENO) AS COMPTEUR, values(percent) AS TAUX by _time |search TAUX=100

every 5min for the last 15min

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms