Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Displayed with undefined range while using rangmap in the search query

deepthi5
Path Finder
‎05-26-2016 10:47 PM

I have define only <1 <2 ❤️ i don't know from where the first row is picked up can some one help in resolving this.

index=* sourcetype=AMS_samplelog
| search server ="1"
| rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
| stats  count as "Server-1" by range
| appendcols [
    search index=* sourcetype=AMS_samplelog
   | search server ="2"
   | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
   | stats  count as "Server-2" by range]
| appendcols [
   search index=* sourcetype=AMS_samplelog
  | search server ="3"
  | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
  | stats  count as "Server-3" by range]
| appendcols [
   search index=* sourcetype=AMS_samplelog
  | search server ="4"
  | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
  | stats  count as "Server-4" by range]
| appendcols [
   search index=* sourcetype=AMS_samplelog
  | search server ="5"
  | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
  | stats  count as "Server-5" by range]
| appendcols [
    search index=* sourcetype=AMS_samplelog
   | search server ="6"
   | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
   | stats  count as "Server-6" by range]
| appendcols [
    search index=* sourcetype=AMS_samplelog
   | search server ="7"
   | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
   | stats  count as "Server-7" by range]
| appendcols [
    search index=* sourcetype=AMS_samplelog
   | search server ="8"
   | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
   | stats  count as "Server-8" by range]
| appendcols [
    search index=* sourcetype=AMS_samplelog
    | rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
    | stats  count as "Total" by range]
| table range, Server-1, Server-2, Server-3, Server-4, Server-5, Server-6, Server-7, Server-8, Total

This is the result:

range   Server-1    Server-2    Server-3    Server-4    Server-5    Server-6    Server-7    Server-8       Total
           16493       20285       19466       19370       18649       32698       23075       26399      176899
<1          4451        5619        5377        5413        5083        8684        6548        7302       48477
<2            80         275         180         149         164         683         351         390        2272
<3            24          26          34          38          24          64          44          40         294
>3            26          40          28          40          34          54          48          50         320
Tags (2)
0 Karma
Reply

woodcock
Esteemed Legend
‎05-27-2016 06:56 AM

Try this:

index=* sourcetype=AMS_samplelog
| eval server = "Server-" . server
| rangemap field=Msg_Exec_Time "<1"=0-1 "<2"=1-2 "<3"=2-3 ">3"=3-100
| chart count BY range server
| addtotals row=t col=f
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...