I know that there is a splunk documentation page for the append command, but I have not found any splunk documentation for the appendcols command. I wonder if there are other less-documented a...
Here is my query:
index search "INFO: ZIP_SEARCH" | stats count as "Uses" by cat_userid cat_role | appendcols[index search "INFO: COMPARE" | stats count as "Compare" by cat_userid cat_role]| appendcols...
...la volume is not lining up as expected.
Any thoughts of what I am missing here in the appendcols?
eventtype=client_rest_volume earliest=-7d@w0 latest=@w0
| bucket _time span=1d
| stats c...
Currently I have a long query that gives me the results that I want, but not in the order that I want. Here is my sample query:
search xyz| appendcols [search abc ]| appendcols [search 123 ]| appendcols...
...ICKNUM>=1 |stats count by FIELD1 FIELD2
When I add the second search as an appendcols I notice that some of the counts are blank / missing. I suspect my appendcols isn't joining properly.. I a...