Hi Splunk colleagues,
I need the following output:
Day 1 difference to Day 2 = + or - in counts, to see the trend of error messages.
It is a multitude of times in the time range to select and then by eye to compare the numbers...
My search for today is the following:
* | chart count by sourcetype, ERRORCODE | sort -count
Day 1: (for example today)
sourcetype  ERRORCODE2  ERRORCODE2  ERRORCODE3
WIN32       0           0           138
UNIX        0           0           60
AUTO        0           0           844
LDAP        0           24          703
Day 2:
sourcetype  ERRORCODE2  ERRORCODE2  ERRORCODE3
WIN32       5           0           138
UNIX        0           0           60
AUTO        0           8           0
LDAP        1           24          100