×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
nowakgft
Engager
Member since: ‎07-26-2022
‎07-26-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-26-2022
View All

Re: Get columns associated with max value of speci...

by in Splunk Search
‎07-26-2022 07:28 AM
‎07-26-2022 07:28 AM
I gave it a try, changed it in two places (corrected typo in max maxExecutionTime and changed by endpoint to by timeWindow). index = myindex | bucket span=30m _time as timeWindow | eventstats max(executionTime) as maxExecutionTime by timeWindow | where executionTime=MaxExecutionTime | table timeWindow _time endpoint maxExecutionTime | convert ctime(timeWindow)   Now works like a charm 🙂 Thank you! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-26-2022 10:49 AM
Karma given to
View All