×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
TedWhite
Engager
Member since: ‎03-12-2021
‎03-12-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-12-2021
View All

Re: Splunk Table with data from multiple points in...

by in Splunk Search
‎03-12-2021 08:57 AM
‎03-12-2021 08:57 AM
Perfect, thanks exactly what I needed. ... View more

Splunk Table with data from multiple points in tim...

by in Splunk Search
‎03-12-2021 05:12 AM
‎03-12-2021 05:12 AM
I have a datasource that drops data into Splunk every 10 minutes that contains data about my team's workflow. The data in Splunk looks something like this 10:00am "Priority" = 10 10:00am "Normal" = 100 10:10am "Priority" = 8 10:10am "Normal" = 102 10:20am "Priority" = 12 10:20am "Normal" = 95 etc. I want to create a table that looks like this: Priority Type, Tickets Now, Tickets 1 hour ago, Tickets 24 hours ago Normal,95,100,103 Priority,12,,10,8   My search is:   index="data" source="log" earliest=-12hr TicketPriority= "Normal" OR "Priority" | bin field3 span=10m | dedup TicketPriority | stats values(field3) by TicketPriority   How can I get it to add the numbers of tickets from 1 hour ago and 24 hours ago? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎03-12-2021 07:44 PM