Splunk Search

Want to split results based on a field value

leandrot
Explorer

Hi all,

We have a field which represents the Offices, and we would like to make 2 different line charts separating between Domestic offices and International offices.

As an example we have:

Domestic offices: PHX, LAX, LGA
International offices: BUE, LIM, MEX

How can we filter the results to display on each graphic the corresponding offices?

Thanks in advance

0 Karma

TISKAR
Builder

@leandrot, can you try this please:

<yourSearch> |eval TypeOffice=if(Offices="PHX" OR Offices="LAX" OR Offices="LGA","Domestic offices","International offices") | chart count over Offices by TypeOffice
0 Karma