Splunk Search

Field missing in dataset

Gauresh96
New Member

@dilip7504 @renjith_nair 

I am unable to solve the below problem on "tutorialsdata.zip" provided in documentation as there is no field named as "purchase". 

Client purchase details:

  1. Total purchase split by product ID
  2. Total Products split by product ID...
Labels (2)
0 Karma

aasabatini
Motivator

Hi @Gauresh96,

you can extract the field with a regex

https://www.learnsplunk.com/splunk-regex-tutorial.html

or you can use an extraction at search time with the rex comand

https://docs.splunk.com/Documentation/Splunk/8.1.3/SearchReference/Rex

 

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
0 Karma

Gauresh96
New Member

Hello @aasabatini 

Still not getting the result

https://docs.splunk.com/Documentation/Splunk/8.1.3/SearchTutorial/Systemrequirements#Download_the_tu... 

I have attached the dataset url, can you please check.  

0 Karma

aasabatini
Motivator

Hi @Gauresh96 

sorry for the late reply.

I analyzed the tutorial data and purchase is not a field but is a action field value, about your request I suggest to try this search:

 

 sourcetype=access_combined_wcookie action=purchase | stats count by productId
sourcetype=access_combined_wcookie action=purchase | lookup prices productId | stats count(product_name) as products by productId

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...