About obularajud16

obularajud16 · ‎08-31-2020

Yes, but it's not worked.

obularajud16 · ‎08-31-2020

With the below query I am able to get data as below(first one) and I need to convert it as second box For the time field I am getting common values and i need to merge and combine them as shown. is there any way to achieve this, I've tried with values() but it is not working sourcetype=access_combined | eval action = if(isnull(action) OR action="", "unknown", action) | bin _time span=102h |eval Time=strftime(_time,"%Y-%m-%d %H:%M:%S") | stats count as totals by action,Time | sort -Time,action

obularajud16 · ‎08-29-2020

Got the answer with the below sourcetype=access_combined | eval action = if(isnull(action) OR action="", "unknown", action) | bin span=72h _time | stats count as totals by action, span(=_time,72h) | sort -_time,action

obularajud16 · ‎08-29-2020

As I mentioned, i need data in row format not in column format to group by multiple fields timechart span=40h count by action, status

obularajud16 · ‎08-29-2020

Ghj sourcetype=access_combined | eval action = if(isnull(action) OR action="", "Unknown", action) | timechart span=40h values(action),count(action)

Posts	5
Solutions	1
Karma Given	0
Karma Received	0
Member Since	‎08-29-2020

Online Status	Offline
Date Last Visited	‎09-03-2020 12:51 AM

Merge multiple rows into one of a field

Field values

Re: Merge multiple rows into one of a field

Merge multiple rows into one of a field

Re: Unable to get field value wise segregation cou...

Re: Unable to get field value wise segregation cou...

Field values