cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
yanhu
Engager
Member since: ‎08-13-2019
‎08-11-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎08-13-2019
Activity Feed
View All

Is throttling based on the trigger time or on even...

by in Splunk Enterprise Security
‎08-07-2020 11:05 AM
‎08-07-2020 11:05 AM
I would like to confirm what TIME the throttling window duration is using. is it based on the trigger time or on event time. Also, what is the different than throttling 1 day or 24 hours. We have a correlation search, with real-time scheduling. Trigger alert when number of results is greater than 0; Throttling window duration is set to 1 day.  Search is scheduled to run at 15 * * * *  for time range -5m@m to -65m@m The first notable was triggered on Aug 4 at 16:17, which reported the event occurred at 15:36 on Aug 4. The second event occurred on Aug 5 at 16:08, which didn't trigger the notable. When i reran the SPL manually for the time range between 15:10 - 16:10, the search returned result. What would be the reason of not seeing alert? Throttling? or event not received in splunk when search was running?   Thanks! ... View more

Splunk Enterprise Security: In geodistance what do...

by in Splunk Enterprise Security
‎08-13-2019 12:22 PM
‎08-13-2019 12:22 PM
Not able to find any document about marco geodistance; the units="m", is it mile or meter? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-11-2020 09:28 AM
Karma given to
View All