- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i have a unique type of column in 4 different indexes , but they all have similar latitude and longitude.
can i show all these 4 column values ( or percentage ) on a single geostat command...
in other words can a single geostat show 4 different values from 4 different indexes.
ex of 2 indexes . i have type=a and its percentage in index1
i have type=b and its percentage in index2
now when i run the geostat command with lat/lon , i wish to see that location on the map, showing both these 2 types and their respective percentages.
is it possible with splunk /geostat ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hey you can try something like this
index=index1 OR index=index2 OR index=index3 OR index=index4 | geostats latfield=lat longfield=lon values(percentage) by type
let me know if this helps you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hey you can try something like this
index=index1 OR index=index2 OR index=index3 OR index=index4 | geostats latfield=lat longfield=lon values(percentage) by type
let me know if this helps you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
have you tried this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, i dumped all the different indexes into a single index with similar columns and made it easier for me. thanks..
john.
