×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Sanshan
Observer
Member since: ‎07-20-2023
‎07-21-2023
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-20-2023
View All

Re: Group events by specific field and generate ti...

by in Splunk Search
‎07-20-2023 10:40 PM
‎07-20-2023 10:40 PM
Sure, the "field1" has a value of random UUID to mark a single trigger behavior. But in some cases, it returns two times' logs with the same UUID, so I really need to separate the two situations(A: A unique UUID only appeared in one event; B: In two different events, they have the same UUID). For the chart: ... View more

Grouping events by specific field and generate tim...

by in Splunk Search
‎07-20-2023 09:30 PM
‎07-20-2023 09:30 PM
There is a complicated requirement for me, the splunk beginner. Hope you can give me some advice. The splunk version: 9.0.2303.201 Since there are a lot of logs(events) that meet my search requirement, I want to generate a time chart with those logs.  I want to group those logs by a specific field named "field1": For events in group A, their "field1" value is unique when compared with all other events; For events in group B, their "field1" value has been repeated once when compared with other events, which means when I search the value of "field1"(group B),  it will return two events. Based on this premise,  I want to count the event that happened times of both two groups, and display them in a timeline(time chart), what can I do? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-21-2023 03:12 AM