×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
TSamon
Engager
Member since: ‎09-18-2024
‎09-19-2024
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-18-2024
Activity Feed
View All

Re: timechart - add some columns and values are 0

by in Splunk Search
‎09-18-2024 11:07 PM
‎09-18-2024 11:07 PM
Many thanks! Yes, it is what I want, your answer is very helpful! Many thanks! ... View more

timechart - add some columns and values are 0

by in Splunk Search
‎09-18-2024 10:20 PM
‎09-18-2024 10:20 PM
Hello,  Based on this Splunk Query:   index=* AND appid=127881 AND message="*|NGINX|*" AND cluster != null AND namespace != null | eval server = (namespace + "@" + cluster) | timechart span=1d count by server Because the logs are only kept for 1 month, and in recent month, logs are only in server 127881-p@23p. So in the splunk query result, we only can see 1 column: 127881-p@23p   May I ask how to make the result has 3 columns: 127881-p@23p, 127881-p@24p, 127881-p@25p And since there is no logs in 24p and 25p rencently, the values for 24p and 25p are 0.   Thanks a lot!   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-19-2024 03:19 AM
Karma given to
View All