}, {tokens: true, tokenNamespace: "submitted"}); As you can see, there is a dynamic variable rows[i][4] in the search, preventing me from putting it in the basesearch. BUT, as Splunk automatically adds a pipe between the basesearch and the subsearch, it can't work. Do you have ...
Solved: Hi, I am new to Splunk, could you please help me with the below SPL? I am trying to use the stats and table commands. We have 4 entries for same
After wasting hours with appends and evals I had to pause before I smashed my keyboard. Any ideas on how I get the correct calculation but showing all the category_names? Tags: lookup multivalue mvexpand splunk-enterprise stats
Stats Count not returning expected Results - Difference in count over single date and span covering same date insaneteddie Path Finder 07-28-2016 02:34 AM Hi Guys, Just noticed something a little...
Tags: range splunk-enterprise timechart Solution niketn Legend 12-24-2017 07:33 AM @mkatta, from the code provided in the question, it seems like you are trying to find the duration of a transaction based on CorrelationID and then plot the averag...
scelikok SplunkTrust 02-11-2021 07:58 PM Hi @lazyturtle_, Please try below: | rex "ReservationConfirmRS\sreturned\serrors\sfor\sTrainId\s(?<TrainId>\d+).+\[(?<text_string>[^\]]+)" | timechart span=1d count(TrainId) as TrainId count(text_string) as text_string If...
The distinct count function of stats should help with this: index="x" sourcetype="y" process_cpu_used_percent>80 | stats dc(host) as unique_hosts https://docs.splunk.com/Documentation/Splunk/7.2.5/SearchReference/Stats
I want a cumulative count of a field that has multiple values. Somehow this isn't working: base search| streamstats count(State) as dur time_window=1w| timechart sum(dur) by State span=1w Tags: splunk-enterprise streamstats timechart ...
jluo_splunk Splunk Employee 12-11-2015 02:00 PM You could simply do.. stats count(ip) as ip, count(login) as login, count(bcookie) as bcookie. However, the format of the results table is a little different from what you requested.
Tags: alert splunk-enterprise stats Solution efavreau Motivator 02-01-2018 11:59 AM @burwell Sounds like you're looking for sistats index=foo value=bar | sistats values(host) as hosts ###If this reply helps you, an upvote wou...