@auaave - If you want to achieve it. Check if you have any date information or date filed in your events. You can pick that date and filter the required information.. For example if you have a filed like order_date or order_close_date then you can filter the data with help of it rather than using earliest and latest. kindly check based on what timestamp data are indexed into splunk..
... View more
hello,
If the values of the table are frozen, I think you can go through this solution :
| eval Approved=if((Approved=="NULL" OR isnull(Approved)),0,Approved)| eval "Email values"=if((Email=="NULL" OR isnull(Email)),0,Email) | eval "PDF values"=if(("PDF values"=="NULL" OR isnull("PDF values")),0,"PDF values") |eval Area=if(SNO=="3" AND Area=="CA","PR",Area)|dedup Area |table SNO,Area,Approved,"PDF values","Email values"
... View more
Hi p_gurav!
Could you please share your experience, are these 2 solutions reliable as an instument for data input?
Like splunk dbconnect, for example.
Thanks in advance.
Rashid
... View more