Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I use multiple fields and values by different fields of time?

hyungjoon
New Member
‎12-07-2018 08:02 AM

alt text

Hello,

Here is my question:

Suppose I have 4 fields, and I want to find the recorded time of each step using conditions of the fields.

But, because there is different time and multiple fields involved, I cannot seem to get the result I want

can someone please help me?

Tags (1)
Preview file
21 KB
0 Karma
Reply

kmaron
Motivator
‎12-07-2018 09:53 AM

try this:

| eval step1_time = case(jobtype=delivery AND status=pending,Time1)
| eval step2_time = case(jobtype=delivery AND status=pending,Time1)
| eval step3_time = case(jobtype=delivery AND (status=delivered OR status=delivery_failed),Time2)
| eval step4_time = case(jobtype=delivery AND (status=delivered OR status=delivery_failed),Time2)
| eval step5_time = case(jobtype=delivery AND status=deposited,Time2)
| eval step6_time = case(jobtype=delivery AND status=deposit_failed,Time2)
| stats earliest(step1_time) as step1 latest(step2_time) as step2 earliest(step3_time) as step3 latest(step4_time) as step4 earliest(step5_time) as step5 latest(step6_time) as step6
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...