Hi all,
I'm trying to get the hang of Splunk and was stuck somewhere (who wasn't? :). I did search other topics to no avail.
I have events that contain stats from more than one device in a system, such as a bunch of battery voltages. Sample fields from an event could be:
Timestamp, BAT0Voltage, BAT1Voltage, BAT2Voltage, BAT3Voltage
I'm trying to include the BATxVoltage field with the largest value in a dashboard single-value panel. So I would see 566 Volts in the panel for the following sample event:
$Timestamp, 566, 543, 512, 499
But the dashboard would show 593 from this one:
$Timestamp, 566, 543, 593, 496
See, BAT0Voltage was selected in the first event, but BAT2Voltage is selected in the second as it has the largest value in a string of fields.
Thanks in advance to anyone with any ideas (working or not!).
... View more