×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
xcheng123
Engager
Member since: ‎06-14-2016
‎06-05-2020
Community Statistics
Posts 2
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎06-14-2016
View All

Re: How to write a search to return all rows for e...

by in Splunk Search
‎06-15-2016 10:39 AM
‎06-15-2016 10:39 AM
I figured this out with the following Splunk search: index=* (field_a=string_a OR field_a=string_b OR field_a=string_c) [search index=* (field_a=string_a OR field_a=string_b OR field_a=string_c) | eval category = case(match(field_a,"string_a"),"a",match(field_a,"string_b"),"b",match(field_a,"string_c"),"c") | stats dc(category) as dcCat by field_b | where dcCat = 3 | TABLE field_b] | eval category = case(match(field_a,"string_a"),"a",match(field_a,"string_b"),"b",match(field_a,"string_c"),"c") | Table field_a, field_b, field_c If it is incorrect or if anyone has any other solutions, please feel free to post. Thanks. ... View more

How to write a search to return all rows for each ...

by in Splunk Search
‎06-14-2016 10:52 PM
‎06-14-2016 10:52 PM
I am new to Splunk with questions below. Can anyone can help interpret the following request into a Splunk search statement? Dataset is like below: field_a field_b field_c string_a b1 c1 string_b b1 c2 string_c b1 c3 string_c b2 c3 string_d b2 c4 string_d b1 c5 I am going to create a splunk search like following SQL select* from table where field_a in ("string_a","string_b","string_c") and field_b in ( select field_b from table where field_a in ("stirng_a","string_b","string_c") group by field_b having count(distinct field_a) = 3) The expectation is to return all the rows for a field_b with all where all string_a, string_b, and string_c occurred in field_a, such as: field_a field_b field_c string_a b1 c1 string_b b1 c2 string_c b1 c3 Thank you all in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM