The following are examples for using the SPL2 sort command. This example sorts the results first by the lastname field in ascending order and then by the firstname field in descending order. Specify different sort orders for each field. To learn more about the sort command, see How the sort command works.

I'm having issues with multiple fields lining up when they have different amounts of lines.

Putting the following at the start of your form/dashboard will give you a dropdown list, from which you have options abc and def, corresponding to the set of indexes you mentioned. You would then use the token $indexes$ in your query to get the selected index data.

I have trace, level, and message fields in my events. I want to group by trace, and I also want to display all other fields. To display raw event data for grouped events.

fields connectionType sourceIp sourceHost splunkserver version os arch kb guid

Using transformations, you can: Rename fields. Join time series data. Perform. For a complete list of transformations, refer to Transformation functions.

is a collection of Splunk searches and other Splunk.

The from command also supports aggregation using the GROUP BY clause in conjunction with aggregate function calls in the SELECT clause, like this: FROM main WHERE earliest=-5m@m AND latest=@m GROUP BY host SELECT sum(bytes) AS sum, host.
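The dropdown and token described above, written out as a complete Simple XML form. This is an added example, not the original page's dashboard: the index names app_a, app_b, sec_a and sec_b are hypothetical stand-ins for the two index sets, and the search uses the lastname/firstname fields from the sort example so the token and the multi-field sort appear in one place. The $indexes$ token expands to the selected choice's value inside the query; the leading minus on firstname is the descending-order marker.

```xml
<form>
  <label>Index selector (added example)</label>
  <fieldset submitButton="false">
    <!-- Dropdown whose selection is exposed to searches as $indexes$ -->
    <input type="dropdown" token="indexes" searchWhenChanged="true">
      <label>Index set</label>
      <!-- Choice values are hypothetical index names; the label is what the user sees -->
      <choice value="(index=app_a OR index=app_b)">abc</choice>
      <choice value="(index=sec_a OR index=sec_b)">def</choice>
      <!-- Default must match one of the choice values exactly -->
      <default>(index=app_a OR index=app_b)</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <!-- $indexes$ is substituted with the selected value before the search runs.
               sort lastname, -firstname: ascending on lastname, then descending on firstname -->
          <query>$indexes$ | table lastname firstname | sort lastname, -firstname</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
      </table>
    </panel>
  </row>
</form>
```

Because the token is substituted verbatim into the search string, keep the choice values fixed in the XML rather than accepting free text for an index restriction; a text input would let the user supply arbitrary SPL at that position.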