|
(Love this forum. Didn't even know about the concurrency command before this morning. :-) My search: All seems well. But how does splunk count concurrent events? My confustion started when I noticed in my results there are 2 events that had concurrency of 18. Shouldn't the number of concurrent events be at least 18? What's the logic behind only 2 events that ran alongside 16 other events at the same time? I'm sure I'm missing something fairly simple. :-/ Thanks, Jon (Doh! No 'concurrency' tag yet.) |
One Answer:
|
Yes, concurrency isn't the number of events that occurred during any overlap, but rather the number of events that occurred simultaneously at the start time of the event. |
There is now. (I added the "concurrency" tag for you. Once you get a certain number of reputation points you are allowed to create new tags.)
It appears to tally concurrent event counts as it runs through them. I zoomed in on the 18 count spike, and I see events with counts 1-18, in order of time started.