×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
falcom92
Engager
Member since: ‎09-18-2014
‎06-05-2020
Community Statistics
Posts 2
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎09-18-2014
Activity Feed
Topics I've Started
View All

Re: How to compare two weeks ?

by in Splunk Search
‎02-25-2015 01:28 AM
‎02-25-2015 01:28 AM
I find the solution with append and it works. index="market_logs" host="12.0.0.1" OR host="12.0.0.2" AND status="rejected" OR status="error" AND srcip="192.168.0.1" OR srcip="192.168.0.2" | stats count | append [search index="market_logs" host="12.0.0.1" OR host="12.0.0.2" AND status="rejected" OR status="error" AND srcip="192.168.0.1" OR srcip="192.168.0.2" earliest=-14d@h latest=-7d@h | stats count] Thanks. ... View more

How to compare two weeks ?

by in Splunk Search
‎02-20-2015 02:59 AM
‎02-20-2015 02:59 AM
Hi, I use Splunk 6.2. I try to compare two values between two differents weeks. index="market_logs" host="12.0.0.1" OR host="12.0.0.2" AND status="rejected" OR status="error" AND srcip="192.168.0.1" OR srcip="192.168.0.2" | eval r_before = [search index="market_logs" host="12.0.0.1" OR host="12.0.0.2" AND status="rejected" OR status="error" AND srcip="192.168.0.1" OR srcip="192.168.0.2" earliest=-14d@h latest=-7d@h | stats count] | stats count AS r_now But it doesn't work. I have the following error : "Error in 'eval' command: Fields cannot be assigned a boolean result. Instead, try if([bool expr], [expr], [expr])." I use a script who extract the two values. Can someone help me please ? Thanks, falcom92 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM