Hello all,
I'm trying to get the stats commands to work in chain. I have the following data:
08 January 2016 09:10:10 website=abc.com, user=user1, message=blahblah1
08 January 2016 09:10:1...
Hey,
In Splunk, you can sort your search results by field using the sort command.
Is it possible to sort search results by row?
E.g. If I have a search that produces the following t...
...time=strftime(_time,"%b - %Y")
| xyseries source, _time, timesran
| fillnull value=0
| rename source as "Process"
Now the results are like,
Process Aug - 2017 Dec - 2017 Feb - 2018 Jan - 2...
...ndex=os source=/var/log/sla/sla.log
| table SLATime, SLAState
| sort - SLATime
| search SLAState=DOWN
I get no results. So, I exported the results from the sort (without the search) to a CSV, a...
...inutes)"
resulting in something like this:
But when I modify it to this so that I put the records into a transaction by Incident:
index=Incidents | eval timey=strptime(UpdateTime,"%Y-%m-%d %H...
hello
I have an issue with the tonumber command
When I execute the query below and even if I specify that I want (HealthState00 < "85.00") I have results <"85.00" and also results...
I have four versions of a nearly identical search. The last one returns a completely different result. What is it about the interaction of the "sort" and "head" commands that changes t...
I have a very simple search and when I add the sort command I lose almost 90% of my actual results.
index="features" application=kokoapp type=userStats
| sort feature
| d...
I have a query that looks like the following:
index=<> host=<> |rex=<> spath <>|table a,k,h|sort time|append[|dbquery DB "select X,Z,W,P from table_T where <> Order B...