Hi, I wanted a single graph to show values.  One search is  index="cumu_open_csv"  Assignee="ram" | eval open_field=if(in(Status,"Open","Reopened","Waiting","In Progress"), 1,0) | stats count(eval(open_field=1)) AS Open, count(eval(open_field=0)) AS closed by CW_Created this gives me a table as  Similarly I have another search  index="cumu_open_csv"  Assignee="ram" | eval open_field=if(in(Status,"Open","Reopened","Waiting","In Progress"), 1,0) | stats count(eval(open_field=1)) As DueOpen by CW_DueDate which gives me another table as  I tried to combine these two using appendcols...but the X-axis has only the CW_Created and displays the second table details in wrong CW. I wanted CW_Created and CW_Duedate to be combined and provide the result in a single table like CW, Open,Close,DueCount wherever DueCount is not for a particular CW fill it with 0, for others display the data like so..   Open Close DueCount CW27 7 0 0 CW28 2 0 0 CW29 0 0 4 CW30 0 7 3 CW31 0 0 1 CW32 0 0 1 Kindly help me with this. ... View more

Hi, I am writing a search to create 3 columns of data P,F and C based on Teams. The table which I expect is this Teams P C F team1 441 0 6 team2 4668 0 0 team3 2163 57 27 and the result table which i got is Teams P C F team1 441 57 6 team2 4668   27 team3 2163     The search which i am using is index="fq" | where Status="P" | stats count as P by Teams | fillnull value=0 P | appendcols [ search index="fq" | where Status="F"  | stats count as F by Teams | fillnull value=0 F] | appendcols [ search index="fq" | where Status="C" | stats count as C by Teams | fillnull value=0 "Covered"] Used fillnull too..But it did not work Kindly help me with this. ... View more

I have a two fields Calendar_week, Count... I am trying to create a New field as Cumulative count which will add the previous cumulative count with Current Count. For eg  Calender_week----Count----Cumulative_Count 1                              ---- 0        ----0 2                              ---- 1       ----1 3                             ---- 2       ----3   Is there a search which could do this.. Thanks ... View more

Hi...I have installed trial version of Splunk. It is very strange that I see a folder named as Splunk in my Program files of  C: I am able to create Apps, do searches , Dashboards and everything. But I wanted to open  the Splunk directory in C: but couldn't open it. The Folder just doesn't open. Could there be any specific reason for this. KIndly help me with this. Thanks!! ... View more

Hi....I am relatively new to Splunk... So i am uploading a csv file as a input to splunk and trying to plot charts....The thing I have the contents of csv file in a specific format... Example: so when i upload this csv to splunk it creates a table like this The problem is the Names are not shown for certain rows (even though the user knows from seeing the csv that first 5 rows belong to Raja and next 5 rows belong to Pragya) and only in some rows Names can be seen.. Is there anything we can do in splunk internally to solve this...Any help would be great!! Thanks!! ... View more