×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ostoul
Engager
Member since: ‎03-30-2011
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎03-30-2011
Activity Feed
Topics I've Started
View All

Re: Search And Report Discrepency

by in Splunk Search
‎03-30-2011 05:30 PM
‎03-30-2011 05:30 PM
I actually just figured it out the moment i posted it. It's much simpler than i was thinking. I was deduping over punct on the weekly set, so it would remove any of tuesday's punct duplicates if they occured on monday. so deduping over punct,date_mday solved this. This way it dedups punct on each day in question, not over the whole set. /dumb ... View more

Search And Report Discrepency

by in Splunk Search
‎03-30-2011 05:15 PM
1 Karma
‎03-30-2011 05:15 PM
1 Karma
Hi, I have a search that looks kinda like this: host=host1 OR host=host2 AND (errcode=E OR errcode=R) | dedup punct when i run this for Thursday the 24th - i get 22 results. However, when i add | timechart count , that day, it counts only 1 entry.. so if i click on the bar for that day, which says it counts 1 - the search that pops up has 22 entries! I don't know what i'm doing wrong, but i suspect it's not counting the right thing.. i did try count(_raw) but that did not change anything, still got 1 in the report and 22 results for the search. Thank you very much, Oleg ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM
Karma from
View All