...oth the stats and show the group by results of both the fields. If I run the same query with separate stats - it gives individual data correctly. Case 1: stats count as TotalCount by T...
Hi I have a vast data set with a sample as below. Need to group the data based on three columns latest timestamp data and get the fourth column value against the latest timestamp found for that group...
We want to work on some cost calculation by counting the number of characters per line and grouping the size per custom fields found in the line. For example: this is 1 line 295 <14&g...
Could we get some additional information on our Google Chat Splunk alert? For now I am only able to find a way to put $name$ in the message text, but is there a way to add additional i...
Requesting help with search query. I have application logs in Splunk like, 2024-04-02T12:26:02.244-04:00,severity=DEBUG,thread=main,logger=org.apache.catalina.core.NamingContextListener,{},Creating...
Hello.
I have a requirement of presenting a table with countries, users and the number of users in that country.
So I have a query:
…{query}..| stats count values(user) by country
This w...
...23456789"}. I use this query: "source" originalField AND ("SUCCESS" OR "FAILURE") | stats count by originalField This query groups my fields that contain a FAILURE status, but does not group the S...
My data looks like the following
| student_id | browser_id | guid | datetime | x_id |
|---|---|---|---|---|
| 12_a | Chrome_2 | 1122 | 1/9/23 14:45 | 788a |
| 13_a | Chrome_4 | 1213 | 1/12/23 19:13 | 33b |
...
I have all the relevant data I need from a single source but I am wanting to present it in a way that I can't get it to work. I want to show what departments/user/and the count that are using specifi...