Getting Data In

How to extract only the values that has the same timestamp from two different fields in a range of time PLEASE HELP ME!!!

Path Finder

Hello!

I have events from two different fields that are correlate each other by the time.

So I want to make a table extracting only those values that were generate at the same time from a range of time of one day.

For example in the table below, there are two values that has the same time:

How can I extract the events that only has the same timestamp from those two fields (MSGNUM=SVM4000I and SVM4874I)

alt text

0 Karma
1 Solution

SplunkTrust
SplunkTrust

@danielgp89,

Try this and verify if its working for you

"your base search"|eventstats dc(MSGNUM) as c by _time|where c>1

This should result only those events which has at least 2 MSGNUM values of same time

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

@danielgp89,

Try this and verify if its working for you

"your base search"|eventstats dc(MSGNUM) as c by _time|where c>1

This should result only those events which has at least 2 MSGNUM values of same time

View solution in original post

0 Karma

Path Finder

Thanks so much Renjith!

Your going to heaven!

0 Karma