Streamstats - is it actually calculating time diff. . . - Splunk Community If streamstats isn't using the current event (current=f), then where is it pulling prev_time from to calculate the difference from c_time? I think the intent was to calculate the time difference when the same system goes to the same dest_host, but it looks like prev_time is just using the previous event's timestamp regardless of source IP.
Solved: How Can I Use Streamstats to Retrieve the Last Ins. . . - Splunk . . . streamstats will then always set the first value for that room user as count=1, so that's always the first entry to the room. Then check for count=1 to get the first entry to a room, and it's the last time value (i.e. latest) which will be the first entry to the room at the start of a sequence.
Solved: streamstats and delta - Splunk Community My search brings back data in a table like so:
_time|product|count
8/15/15 08:00:00|apples|500
8/15/15 08:00:00|oranges|800
8/15/15 08:00:00|plums|200
8/15/15 08:00:00|peaches|275
What I want is to have Splunk compute the diff between the latest value above and the one just before it, per product. So
Detect Brute Force auth success after multiple failures Hi, I'm trying to detect brute force activity by detecting multiple auth failures followed by success. I started with the following search, which works and shows when there have been over 20 failures and at least 1 success, but the success can happen anywhere during the search period. It could be 1 s
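The two problems raised in these threads (prev_time being taken from whatever event came before, regardless of source, and a success that is only counted if it follows the failures for the same user and source) both come down to running the streaming calculation per group and, for the brute-force case, inside a time window. The following Python is an added example, not code from any of the Splunk Community posts or from Splunk itself: it models what a streamstats search with a `by` clause does over a constructed set of auth events, so the grouping and windowing logic can be checked outside Splunk before it is translated into SPL. The log lines, field names (`user`, `src`, `action`) and the default threshold of 20 failures in 10 minutes are assumptions chosen for the illustration.

```python
"""Model of streamstats-style per-group calculations over auth events.
Added example; the sample log below is constructed, not real data."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "<iso time> <user> <src> <action>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 alice 10.0.0.5 failure
2024-01-01T10:00:05 bob   10.0.0.7 failure
2024-01-01T10:00:10 alice 10.0.0.5 failure
2024-01-01T10:00:15 alice 10.0.0.9 failure
2024-01-01T10:00:20 alice 10.0.0.5 failure
2024-01-01T10:00:25 bob   10.0.0.7 success
2024-01-01T10:00:30 alice 10.0.0.5 success
2024-01-01T10:30:00 carol 10.0.0.8 failure
2024-01-01T10:30:05 carol 10.0.0.8 failure
2024-01-01T10:30:10 carol 10.0.0.8 failure
2024-01-01T11:00:00 carol 10.0.0.8 success
"""


def parse(text=SAMPLE_LOG):
    """Parse the lines into event dicts sorted ascending by _time, the
    order a streaming command walks them after `| sort 0 _time`."""
    events = []
    for line in text.strip().splitlines():
        ts, user, src, action = line.split()
        events.append({"_time": datetime.fromisoformat(ts),
                       "user": user, "src": src, "action": action})
    events.sort(key=lambda e: e["_time"])
    return events


def prev_time_diff(events, by=()):
    """Seconds since the previous event *in the same group*, i.e. what
    `streamstats current=f last(_time) as prev_time by <fields>` gives.
    With by=() the "previous event" is simply the one before it in the
    stream, whatever its user or src: that is the prev_time complaint
    from the first thread. None where the group has no earlier event."""
    last = {}
    diffs = []
    for e in events:
        key = tuple(e[f] for f in by)
        prev = last.get(key)
        diffs.append(None if prev is None else (e["_time"] - prev).total_seconds())
        last[key] = e["_time"]
    return diffs


def detect_bruteforce(events, threshold=20, window=timedelta(minutes=10)):
    """Flag each success that is preceded, for the same (user, src), by at
    least `threshold` failures inside `window`. Failures are kept in a
    per-group deque and expired by age, so a success long after the
    failures does not count; a success also clears the group, the way a
    streamstats reset on success would start a fresh sequence."""
    recent = defaultdict(deque)   # (user, src) -> failure timestamps
    hits = []
    for e in events:
        key = (e["user"], e["src"])
        q = recent[key]
        # Drop failures that fell out of the window before this event.
        while q and e["_time"] - q[0] > window:
            q.popleft()
        if e["action"] == "failure":
            q.append(e["_time"])
        elif e["action"] == "success":
            if len(q) >= threshold:
                hits.append({"_time": e["_time"], "user": e["user"],
                             "src": e["src"], "failures_before": len(q)})
            q.clear()
    return hits


if __name__ == "__main__":
    evs = parse()
    for d_all, d_grp, e in zip(prev_time_diff(evs),
                               prev_time_diff(evs, by=("user", "src")), evs):
        print(e["_time"].time(), e["user"], e["src"], "global:", d_all, "grouped:", d_grp)
    for h in detect_bruteforce(evs, threshold=3):
        print("brute force:", h)
```

Run as-is, the third event (alice from 10.0.0.5 at 10:00:10) shows a global prev_time difference of 5 s, taken from bob's event, but 10 s once grouped by user and src; with the threshold lowered to 3 for the small sample, only alice from 10.0.0.5 is flagged, while carol's three failures are not, because her success comes 30 minutes later and has fallen out of the 10-minute window. In SPL the same shape is a `sort 0 _time` followed by a `streamstats ... by user src` that counts failures, and a final `where action="success" AND failures>=N`; the window and the reset-on-success are what keep a success anywhere in the search period from matching.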