Dear Splunkies,
I am very happy with Splunk so far, but ran into one issue, I stuck.
I got a log file, containing a timestamp and a value, example below:
2015-05-18 1:53:30 Count=12
I want to use the Count (here 12) as value to display a chart but it usually displays a list of Count entire, found in my log file.
I'm pretty sure it's a very simple thing, but right now I don't see it.
Please advice.
Thanks very much
T.
Hi again.
I found a solution, by using field extractor to describe a field named "UserCount". then I used the following query to create a bar chart:
source="/opt/webants-dns/logs/ddnscount.log" | stats avg(UserCount) by _time | reverse | head 10
Thank you all.
T.
Hi again.
I found a solution, by using field extractor to describe a field named "UserCount". then I used the following query to create a bar chart:
source="/opt/webants-dns/logs/ddnscount.log" | stats avg(UserCount) by _time | reverse | head 10
Thank you all.
T.
What does your failing search look like?