×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Vig95
Engager
Member since: ‎07-22-2023
‎07-26-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-22-2023
Activity Feed
Topics I've Started
View All

Using stats and table command

by in Splunk Search
‎07-22-2023 01:10 PM
‎07-22-2023 01:10 PM
Hi, I am new to splunk, could you please help me with below SPL, I am trying to use stats and table command We have 4 entries for same incident, I need to pick earliest time. Index="monitoring" sourcetype="tool" incident_id=INC* | stats earliest(_time) as early | table "mc_host" "incident_id" "early" | convert ctime(early)   I am getting error if execute.     ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-26-2023 08:50 AM
Karma given to
View All