Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Multivalue Chart

rahulbhatt04
Engager
‎09-12-2014 09:12 AM

I have to write a time chart in a day how many different event value happened.

[- logToABTest() response ABTestLog [uniqueId:123, abTestName:null, experience:null, eventName:State:, eventValue:funding_source]

[- logToABTest() response ABTestLog [uniqueId:123, abTestName:null, experience:null, eventName:State:, eventValue:first_page]

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-12-2014 11:18 AM

This doesn't really seem to be a question, but let me try to answer it anyway.

yoursearchhere
| rex "eventValue:(?<eventValue>.*)\]"
| timechart count by eventValue

This assumes that you do not already have a field named eventValue. If you do have the field, you can leave off the second line.

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎09-12-2014 11:18 AM

This doesn't really seem to be a question, but let me try to answer it anyway.

yoursearchhere
| rex "eventValue:(?<eventValue>.*)\]"
| timechart count by eventValue

This assumes that you do not already have a field named eventValue. If you do have the field, you can leave off the second line.

Reply
Get Updates on the Splunk Community!

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...