Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

How to display message related to particular fields?

manohart31
New Member
โ€Ž07-09-2013 10:50 PM

page="MIR" postid="2824567904373133_10151428930538134" message="Foot stools from MI..." time="2013-01-21" likes="188" comments="9" fromid="282904373133" picCount="1" videocount="0" linlcount="0" shares="0"

tried this query: sourcetype="..." |stats max(likes) as likes by page| table page,likes, message

My intention is to display a message with max likes but the above query does not work

Tags (2)
0 Karma
Reply

ranjyotiprakash
Communicator
โ€Ž07-09-2013 11:10 PM

Use the following command to get a list which contains pages and max likes as columns :

.... | chart max(likes) AS Likes by page

Have a look at following Splunk Documentation :
link text

0 Karma
Reply