I got issue and issue with command and it is related to delimiter and in my logs delimiter is new line. So can you tell me how to set parameter to new line like command makemv delim=";" Also I searched and get to know that there is know mechanism to set parameter for \n. ... View more

Thanks @adonio n @skoelpin I tried the command which is given by adonio and it works successfully for manual entry(makeresults value). But whenever I am dealing with actual file it showing empty data. PFB my command, bemLog=RetrieveInterestRate | eval Event = "RetrieveInterestRate" | makemv delim=";" Event | mvexpand Event | rex field=Event "SCVT\s+(?[^\s]+).+at\s+(?\d{2}-\d{2}-\d{4}\s+\d{2}:\d{2}:\d{2}:\d{3})" | rex field=Event "TransactionId-(?\S+))" | eval time_epoch = strptime(time, "%d-%m-%Y %H:%M:%S:%3N") | eval recieved_time = if(request_or_response="Recieved",time_epoch,null()) | eval response_time = if(request_or_response="sent",time_epoch,null()) | stats values(recieved_time) as rec_time values(response_time) as res_time by transaction_id | eval duration_in_seconds = res_time - rec_time bemLog=RetrieveInterestRate printing the logs in below format Time Event 7/25/18 25-07-2018 10:47:46:680 [RetrieveInterestRate][INFO ]: |BEM_Gateway_Response_MF Request Processing Summary(Transaction Id-ABC123) 10:47:46.680 AM SCVT sent response back to consumer at 25-07-2018 10:47:46:671 7/25/18 5-07-2018 10:47:46:540 [RetrieveInterestRate][INFO ]: |BEM_Gateway_Request_MF Request Processing Summary(TransactionId-ABC123) 10:47:46.540 AM SCVT Recieved Request at 25-07-2018 10:47:46:537 ... View more

I tried and I got result in below format. But I want one more column which will show (response-request) result transactionId request response 1 GCP_198253791 21-02-2018 08:13:32:045 21-02-2018 08:13:35:049 2 GCP_218300826 21-02-2018 08:22:25:047 21-02-2018 08:22:29:177 3 GCP_221454910 21-02-2018 08:06:52:611 21-02-2018 08:06:53:412 ... View more

I tried and got below result. transactionId request response 1 GCP_198253791 21-02-2018 08:13:32:045 21-02-2018 08:13:35:049 2 GCP_218300826 21-02-2018 08:22:25:047 21-02-2018 08:22:29:177 3 GCP_221454910 21-02-2018 08:06:52:611 21-02-2018 08:06:53:412 ... View more

Hi , I didn't understand the document. Also I don't have the splunk server access so I can't check inputs.conf.file . Is it possible through dashboard or custom search query. ... View more

I tried but I didn't get the proper solution So could provide solution on it, My query is that I have to set different range values for count for different values. ... View more

Hi Giuseppe, I don't know how to Dashboard Examples App. Could please assist? Also I have checked Dashboard tutorials. But there is no any example for my requirement. I have below requirement, Two columns are there and I want set number range on second column on the basis of first column values. It mean I want to set different ranges for different values of 1st column. ... View more

Sure. Next time will follow this. ... View more

Thanks HiroshiSatoh. Could you please do one more help. I want to print top 20 count value in sorted order ... View more