6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Time based sliding window query in splunk\",\"text\":\"

Is there a way to do time based sliding window query in splunk on real time? To provide an insight what I am looking for is, lets say if log statements are published to splunk, can I get counts of error which has occurred in last 15 minutes. And this has to be sliding and continuously updating me the state of the system.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"ajjain\"},\"upvoteCount\":0,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","splunk",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/splunk/1","children":"splunk"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/76818f95556f3184e82c6d19ad77119b?s=256&d=identicon&r=PG","alt":"ajjain","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/637535/ajjain","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"ajjain"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1169]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Time based sliding window query in splunk"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",777]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","23608813",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/0cec87496de88512980df807dc8ca545?s=256&d=identicon&r=PG","alt":"mihai.ciorobea","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/2071602/mihai-ciorobea","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"mihai.ciorobea"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",741]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

As you said, you can use real time queries.

\n\n

create your query
make it real time (last 15 min)
save as alert
set the cron period for the query to run

\n\n

Hope it helps.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","74533136",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/74533136","className":"text-blue-600 hover:underline","children":"Splunk - find new values that only appear after a certain date"}]}],["$","li","74505582",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/74505582","className":"text-blue-600 hover:underline","children":"Splunk: Split a time period into hourly intervals"}]}],["$","li","68866445",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/68866445","className":"text-blue-600 hover:underline","children":"Splunk - Assigning custom time"}]}],["$","li","68765482",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/68765482","className":"text-blue-600 hover:underline","children":"Splunk panel showing graph for a specific time range"}]}],["$","li","63487576",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/63487576","className":"text-blue-600 hover:underline","children":"How to get splunk report for different time ranges"}]}],["$","li","53437493",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/53437493","className":"text-blue-600 hover:underline","children":"Querying in time intervals throughout history in Splunk"}]}],["$","li","49309925",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/49309925","className":"text-blue-600 hover:underline","children":"Splunk query substract time"}]}],["$","li","41773045",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/41773045","className":"text-blue-600 hover:underline","children":"Splunk query for division of sums of entries within a time frame"}]}],["$","li","39126741",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/39126741","className":"text-blue-600 hover:underline","children":"Creating a table in splunk with trends"}]}],["$","li","7536361",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7536361","className":"text-blue-600 hover:underline","children":"Query to loop through data in splunk"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Time based sliding window query in splunk

Answers (1)

Related Questions