About mukulraghuram

mukulraghuram · ‎05-18-2020

Hi richgalloway, Thank you. What changes are needed if we have multiple source files and want to extract 20 events from each file. The following combines both the sources and returns 20 events from one file or partial events from both the files. Please suggest. |map search="search index=index1 source="456.log" OR source ="789.log" latest=$date_x$ | head 20" Regards

mukulraghuram · ‎05-17-2020

Hi Experts, I am trying to find a string pattern "a word" in the primary search from source="123.log" and then from time line of each pattern matching event, i would like to display some 20 events from a different source="456.log", prior to the time of events found from source="123.log". Even join and other subsearches did not help. As shown below, the Primary search is suppressing results to secondary search . index=index1 source="123.log" <pattern to find> |eval date_x=strftime(_time,"%m/%d/%Y:%H:%M:%S") |streamstats count |where count>0 |search index=index1 source="456.log" earliest=date_x|top limit=20 source Please help. Thank you.

mukulraghuram · ‎04-30-2020

Need to transform like this. Please help. Before: Col1----Col2 Name1---- a ------------b --------c After:` Col1 Col2 Col3 Col4 Name1 a b c

Posts	3
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎04-30-2020

Online Status	Offline
Date Last Visited	‎06-05-2020 02:03 AM

Primary search is suppressing results to secondary...

transpose xyseries not helping

Re: Primary search is suppressing results to secon...

Primary search is suppressing results to secondary...

transpose xyseries not helping

Join the Conversation

Primary search is suppressing results to secondary...

transpose xyseries not helping

Re: Primary search is suppressing results to secon...

Primary search is suppressing results to secondary...

transpose xyseries not helping