×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
aahadqj
Explorer
Member since: ‎02-14-2011
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎02-14-2011
Activity Feed
View All

Re: Comparaing strings of different key

by Splunk Employee in Splunk Search
‎02-17-2011 07:13 PM
1 Karma
‎02-17-2011 07:13 PM
1 Karma
I would probably put this into a dashboard so you could run the following search: YourSearch | eval Match=if(var1=var2,"Match","No Match") And then do post processing for the number of matches and mismatches: | timechart count by Match and for the variations of Var1: | timechart distinct_count(var1) I was trying to find a way to put it all into one search, but couldn't see an easy way to allow it to chart over time. For a one time result, you could use the following: YourSearch | eval Match=if(var1=var2,"Match","No Match") | eventstats distinct_count(var1) as Var1Count | stats count, first(Var1Count) by Match It's a bit hokey, though. Perhaps someone will take it the rest of the way. ... View more

Re: timechart percentage data - not working

by Splunk Employee in Splunk Search
‎02-15-2011 12:22 AM
‎02-15-2011 12:22 AM
The timechart can't perform the eval math, my mistake. As a quick fix to get you going, do the search as you originally had it, but add "by _time" to the end of your stats command. That will produce the time values you need for the timechart. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM
Karma from
View All