Hi,
I'm trying to use the Cluster Command to list our Authentication API used by Client IPs. Through searching the events, I already know I have multiple events that are being logged with the same Client IP field. When I try to use the cluster command in my search, I don't get any results. Any and all help would be much appreciated.
Screenshot of Search without any clustering. I have events with exactly the same IP among non-repeating Client IPs:
index="dynatrace" | search name="CK Authentication Requests by IP" name="CK Authentication Requests by IP" "dimensions. CK Web Requests - Client IP"="78.207.277.206"
(I have used a bogus IP and erased the real IP due to my company's rules.)
I need help with the Cluster Command here. It doesn't return any data:
index="dynatrace"| search name="CK Authentication Requests by IP"| cluster t=0.8 showcount=t field="dimensions. CK Web Requests - Client IP" | table name,cluster_count, _raw, "dimensions. CK Web Requests - Client IP" | sort -cluster_count