For example, if you want to group log events by the source IP address, you would use the following command: xxxxxxxxxx. So, here's one way you can mask the RealLocation with a display "location" by checking to see if the RealLocation is the same as the prior record, using the autoregress function. To use the group by command in Splunk, you simply add the command to the end of your search, followed by the name of the field you want to group by. Here is a complete example using the internal index. One field and one field.If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers. Please try to keep this discussion focused on the content covered in this documentation topic. For the chart command, you can specify at most two fields. You must be logged into in order to post comments. The syntax for the stats command BY clause is: BY . You just want to report it in such a way that the Location doesn't appear. With the stats command, you can specify a list of fields in the BY clause, all of which are fields.Your data actually IS grouped the way you want. The BY clause returns one row for each distinct value in the BY clause fields.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |