Hi DalJeanis, Sorry for the delayed response. I tried your suggested solution above and I can see the logic behind it, all makes sense. The accum command would not allow me to split by Risk in the version of Splunk we are running here. The counting is much closer than I got using the concurrency commands, and I am very sure that it is on the verge of getting the right answer out. But alas, detailed analysis of the output shows there are still inconsistencies. The sponsor has decided to mothball this for now as we have other tasks to deliver (It's her budget!) - it does not help that we discovered the input data quality is poor (being generous here!).
But thanks again for taking time to look at this and for sharing your knowledge and wisdom here. If we come back to it and finally get the right numbers out I will post how we did it.
Cheers,
Mackiae