cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
lukas
Loves-to-Learn
Member since: ‎08-11-2020
‎08-11-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-11-2020
View All

Re: How to get stats count to include zero count b...

by in Splunk Search
‎08-11-2020 06:24 AM
‎08-11-2020 06:24 AM
Thanks for the feedback. Unfortunately it does not work, if I use the timechart command like this, I do not get any results back. ... View more

How to get stats count to include zero count by ti...

by in Splunk Search
‎08-11-2020 02:55 AM
‎08-11-2020 02:55 AM
Hi, I have a lookup file like this - users: User1 User2 User3 User4 ... I need to count the events by user: index=myindex  | stats count as count by user | inputlookup append=true userlist.csv | fillnull count | stats sum(count) as count by user | table user count It shows me the number of events per user in the CSV file. If a user has no events, the count is 0: user count User1 2593 User2 301 User3 0 User4 1284   But I need the output additionally splitted over time (span=1h). The output should look like this: time user count 11.08.2020 11:00:00.000  User1 1023 11.08.2020 11:00:00.000 User2 190 11.08.2020 11:00:00.000 User3 0 11.08.2020 11:00:00.000 User4 1284 11.08.2020 12:00:00.000 User1 1570 11.08.2020 12:00:00.000 User2 111 11.08.2020 12:00:00.000 User3 0 11.08.2020 12:00:00.000 User4 0 time + 1h ... ...   I saw few other questions in splunk answers but they didnt work for me... I hope you could help me. Thank a lot! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-11-2020 10:06 AM