×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
sravan
Explorer
Member since: ‎07-25-2023
‎07-31-2023
Community Statistics
Posts 4
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎07-25-2023
View All

Re: How to get rid of fields/columns generated by ...

by in Splunk Search
‎07-30-2023 10:43 PM
‎07-30-2023 10:43 PM
fieldformat also didnt work for me. Below one worked:   <base_search>| | eval duration = duration_seconds + (60 * (duration_minutes + (60 * duration_hours))) | fieldformat duration = tostring(duration, "duration") | fieldformat duration_in_minutes = duration / 60 | fields "cls_id", "duration_in_minutes" | stats sum(duration_in_minutes) by cls_id ... View more

How do i remove values shown in graph

by in Splunk Search
‎07-26-2023 02:09 AM
‎07-26-2023 02:09 AM
In the below graph i see values displayed on top of each bar. How do i remove them?       ... View more
Labels

Re: How to get rid of fields/columns generated by ...

by in Splunk Search
‎07-25-2023 06:02 AM
‎07-25-2023 06:02 AM
I tried that as well , but i keep getting null/empty values for "duration_in_minutes" - same as how when i use below:  | table cls_id, duration_in_minutes.  BTW when we use fields , will it stop processing all other intermediate fields and hence i dont see them?   ... View more

How to get rid of fields/columns generated by stat...

by in Splunk Search
‎07-25-2023 05:07 AM
‎07-25-2023 05:07 AM
I want to find time difference between two events (duration some operation took) and plot a graph which shows how much time it took for each of the entity ... I gave some query mentioned below : <base_search>| | eval duration = duration_seconds + (60 * (duration_minutes + (60 * duration_hours))) | fieldformat duration = tostring(duration, "duration") | fieldformat duration_in_minutes = duration / 60   Now i got correct output in the form of a table , but with some extra fields  I need first column (cls_id) and last column (duration_in_minutes) , Can someone help how can i get that? I tried appending | table cls_id , duration_in_minutes , but that gives null value for "duration_in_minutes" field/column. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-31-2023 08:56 AM