Hi, I'm new to splunk 🙂
This is my query:
* Tagname="series" Wert="54" | JOIN _time [SEARCH Tagname="workload" ] | CHART VALUES(Wert) BY _time *
Goal:
The query above got me nearly 75% of my events. But sometimes the timestamp differs a little bit, so I need to have a tolerance range with +/- 3 seconds for "_time" .
How can I achieve this?
Thanks for your help,
Bastian
... View more