I'm trying to track state changes but having a difficult time. Ideally I'd like to know when a state changes from 0 to either 1, 2 or 3 and then back to 0, capturing the event's date/time that the value changed initially from 0 until it goes back to 0 in a dashboard panel. Is that possible?
Hi
you could try https://docs.splunk.com/Documentation/Splunk/8.1.3/SearchReference/Streamstats with reset_on_change attribute.
r. Ismo
Hi
you could try https://docs.splunk.com/Documentation/Splunk/8.1.3/SearchReference/Streamstats with reset_on_change attribute.
r. Ismo
Thank you, that works!