splunk dashboard

Siddharthnegi · ‎05-13-2024

| inputlookup E.csv
| search 4Let="ABCD"
| stats count as count3
[search index=xyz category="Ad"  "properties.OnboardingStatus"= Onboarded
| dedup properties.DeviceName
| rename properties.DeviceName as DeviceName
| stats count as count2]

this search is giving error

VatsalJagani · ‎05-13-2024

@Siddharthnegi - Try this search

| inputlookup E.csv
| rename "4Let" as "Let4"
| search Let4="ABCD"
| stats count as count3
[search index=xyz category="Ad"  "properties.OnboardingStatus"= Onboarded
| dedup properties.DeviceName
| rename properties.DeviceName as DeviceName
| stats count as count2]

I think the problem that you are facing is field name starting with number, which creates problem in search in some-cases.

I hope this helps!!! Kindly upvote if it does!!!

gcusello · ‎05-13-2024

Hi @Siddharthnegi ,

what's the purpose of your search?

using the search you shared you have a main search that arrives to a stats command and then you added another search without any relation with the first one.

Do you want to append the second to the first one or do you want to filter results from the first using the secon one?

Ciao.

Giuseppe

splunk dashboard

other

New Case Study: How LSU’s Student-Powered SOCs and Splunk Are Shaping the Future of ...

Splunk and Fraud

Build Your First SPL2 App!