Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to filter table results?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pierre_weg
Path Finder
06-27-2018
08:13 AM
Hi all!
I have a table as a search result:
date Country cs_username
2018-06-12 Mexico mendoza
2018-06-12 Mexico mendoza
2018-06-12 Mexico mendoza
2018-06-14 Mexico mendoza
2018-06-20 Mexico mendoza
2018-06-22 Mexico mendoza
2018-06-25 Mexico mendoza
2018-06-26 Mexico mendoza
2018-06-26 Mexico mendoza
2018-06-11 Netherlands xing
2018-06-11 United States xing
2018-06-11 Nigeria xing
2018-06-13 United States xing
2018-06-14 United States xing
2018-06-15 United States xing
2018-06-17 United States xing
2018-06-22 Brazil xing
2018-06-24 United States xing
2018-06-25 Brazil xing
2018-06-25 Brazil xing
2018-06-25 United States xing
2018-06-17 China xue
2018-06-18 China xue
2018-06-20 China xue
2018-06-21 China xue
2018-06-22 China xue
2018-06-22 China xue
2018-06-22 Brazil xue
Note that to the same days I have the same user and 2 different Countries.
2018-06-11 xing
2018-06-25 xing
2018-06-22 xue
This is the condition that I have interest.
I need to filter the table results to show just this:
2018-06-11 Netherlands xing
2018-06-11 United States xing
2018-06-11 Nigeria xing
2018-06-25 Brazil xing
2018-06-25 Brazil xing
2018-06-25 United States xing
2018-06-22 China xue
2018-06-22 China xue
2018-06-22 Brazil xue
Can anyone help me?
Thanks a lot!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FrankVl
Ultra Champion
06-27-2018
08:39 AM
Add this to your current search:
| eventstats dc(Country) as count by cs_username,date
| where count>1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FrankVl
Ultra Champion
06-27-2018
08:39 AM
Add this to your current search:
| eventstats dc(Country) as count by cs_username,date
| where count>1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pierre_weg
Path Finder
06-27-2018
09:41 AM
Great!
Thank you FrankVI.
Get Updates on the Splunk Community!
Community Content Calendar, November Edition
Welcome to the November edition of our Community Spotlight! Each month, we dive into the Splunk Community to ...
October Community Champions: A Shoutout to Our Contributors!
As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...
Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!
What are Community Office Hours?
Community Office Hours is an interactive 60-minute Zoom series where ...
