cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
shaycoshay
Engager
Member since: ‎12-13-2023
‎12-14-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎12-13-2023
View All

Query for subtracting the timechart span results o...

by in Splunk Enterprise
‎12-13-2023 03:59 PM
‎12-13-2023 03:59 PM
Hello! I'm new to splunk so any help is much appreciated. I have two queries of different index.  Query1: index=rdc sourcetype=sellers-marketplace-api-prod custom_data | search "custom_data.result.id"="*" | dedup custom_data.result.id | timechart span=1h count   Query2: index=leads host="pa*" seller_summary | spath input="Data" | search "0.lead.form.page_name"="seller_summary" | dedup 0.id | timechart span=1h count I would like to write a query that executes Query1-Query2 for the counts in each hour. It should be in the same format. Thank you!! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎12-14-2023 12:36 PM
Karma given to
View All