Transform a table and error code when using a perl...

Fabien05 · ‎05-22-2013

Hello all,

1) I would like to have a matrix of correlation (with |correlate) for the attribute (more than 20) of my table. I have a table like this:

Date...........Occurences...........Attribute

10/05/2013...........1100...............Attri1

10/05/2013............537...............Attri2

10/05/2013............837...............Attri3

11/05/2013...........1218...............Attri1

11/05/2013............496...............Attri2

11/05/2013............868...............Attri3

Is it possible to obtain this table with splunk commands?

......Date.........Attri1.........Attri2.........Attri3

10/05/2013...........1100............537............837

11/05/2013...........1218............496............868

specification: Date, ATTR1 and ATTR2 are the name of columns

2) I tryed to use a perl script and I obtain this error code:

"External search command 'test' returned error code 2"

What do I make ?

chris · ‎05-22-2013

Based on the table you have you can just add the following to your search:

| timechart span=1d last(Occurences) by Attribute

I'm assuming that the table is created by a splunk search and that the Date column is the _time field.

chris · ‎05-23-2013

If, you have further questions let me know.

Fabien05 · ‎05-23-2013

Thank you !

Transform a table and error code when using a perl script