This doesn't group by nino as I would have liked, but I went for second best and grouped by the "timeList", i.e.:

```
index=main auditSource="iht" auditType=Questionnaire "detail.version"=1
| rename detail.activity AS activity, detail.easytouse AS select, detail.nino AS nino
| eval activity=if(activity="","Not filled",activity)
| makemv allowempty=true delim="," activity
| mvexpand activity
| eval activity=case(activity=1,"Register", activity=2,"Provide asset information", activity=3,"Provide gift information", activity=4,"Provide debt information", activity=5,"Provide exemption information", activity=6,"Increase Threshold", activity=7,"Check estate report", activity=8,"Declare and submit application", activity=9,"Request clearance", 1=1,activity)
| eval select=case(select=1,"Very easy", select=2,"Easy", select=3,"Neither easy nor difficult", select=4,"Difficult", select=5,"Very difficult", select="","Not filled")
| rex field=nino mode=sed "s/(\S)/\1X/g"
| stats values(activityList) values(selectList) by timeList
```

If this reply helps you, Karma would be appreciated.

Today, however, the company announced that it will be laying off roughly 325 staff members, or about 4% of its workforce. The software producer has enjoyed an excellent start to the year, with shares up more than 11% so far in 2023.

Note the use of sum instead of count in the stats commands. To get counts for different time periods, we usually run separate searches and combine the results. To put multiple values in a cell we usually concatenate the values into a single value.

Following this guide, what makes me a bit confused is step 4: it only states to create a macro to capture fields saved in a local file, but gives no indication. Splunk tables usually have one value in each cell. Since we do not have Enterprise Security, I must follow the steps described in the section "Splunk non-Enterprise Security Users". This search includes all the events associated with each field in this set of data.
The guide I'm following is this one: Splunk py for NON ES users. `index=foo TicketEncryptionType=0x17 AccountDomain='ad.' | stats count by ServiceName`.

Splunk (NASDAQ:SPLK) is the latest technology company to join the layoffs trend.

In this example, we're using this search: `index=splunktest sourcetype=access_combined_wcookie`. Using the job inspector, we can see it took about 7.3 seconds to run this search. This will give you a list of Service Names and a count of how many of each were found.

Example 3: The new field, zipped, is the result of the mvzip function. This function takes two multivalue fields, X and Y, and combines them by stitching together the first value of X with the first value of Y, then the second with the second, and so on. Currently, I have `jobid>300 | sort created | stats latest`. This helps to keep the association among the field values.

Similar questions use stats, but whenever a field wraps onto the next line, the fields of a single event no longer line up in one row. I'd like to do this using a table, but don't think it's possible. I'm running the query below which works fine. It depends on what you want the output to look like. I am trying to group a set of results by a field. Hi, I wonder whether someone may be able to help me please.