Hello,
i have to following problem.
I have one search, listing me some hosts and their matching environment, search range: all time.
index=idx_stats | top limit=10000 host,envi | fields - count,percent
And i have a second search, for the last 7 days, that delivers me the "per_host_thruput" from out of the Splunk _internal index. I want to match now those by host and day results with the list of host and environments above. How can i achieve that?
index="_internal" source="*metrics.log" group="per_host_thruput" | eval date=strftime(_time, "%F") | chart sum(kb) over series by date
... View more