I have data in two different applications. I need to get fields from one query to use as filters for another, like this: ``` app=app1 | rex field=environment_url "https:\/\/(?<app_name>....
All, I have 2 separate queries working from AWS Description data that we collect on a regular basis. The ask from one of our portfolio leads is to send them a report on a weekly basis (M...
Dear Experts,
Kindly help to modify Query on Data Model, I have built the query.
| tstats summariesonly dc(All_Traffic.src) as src_count from datamodel=Network_Traffic where * by A...
Hi, I've been trying to piece together a query that a power user could run that could report the GB/Day of data indexed for a particular index without having to access the license usage data (which a...
...ame | table name failed ] | table name pass failed
For some reason "failed" column values by the query #2 are different to values from join in the query #3, but "pass" column valuesare t...
...he tags.studentId from a csv file (the fieldname is student_id and has ~100 entries). So the output should look like - student_id| latest timestamp from 1st query| latest t...
...S_sourcetype=x
Source=lkms
}
Now, If query as index=123 | table log --> I get the complete data in the log field but my aim to create a table with columns as ProcessCPUload, S...
...rror")
| rex mode=sed field=MessageText "s/, /\n/g"
| sort RunStartTimeStamp asc, LogTimeStamp asc, LogID ASC This works and gets the data I need for the error I am after, but, I w...