Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Reporting on "Other"

a212830
Champion
‎04-27-2012 11:27 AM

Hi,

I am doing a search to report on some eventtypes. The eventtypes report fine, but I also want to put anything that isn't categorized as an eventtype into "other" in the table. Is there a way to do this? s

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sowings
Splunk Employee
Splunk Employee
‎04-27-2012 12:01 PM

| where isnull(eventtype) ?

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sowings
Splunk Employee
Splunk Employee
‎04-27-2012 12:01 PM

| where isnull(eventtype) ?

0 Karma
Reply
Solved! Jump to solution

a212830
Champion
‎04-27-2012 12:27 PM

Awesome. Thanks. Just took the second reporting class and things are slowly clicking...

0 Karma
Reply
Solved! Jump to solution

sowings
Splunk Employee
Splunk Employee
‎04-27-2012 12:26 PM

Sorry, I thought you wanted to search expressly for items which did not have an assigned eventtype. I suggest yannK's answer above.

0 Karma
Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎04-27-2012 12:22 PM

source="/var/opt/trapx/log/traps-all.log" | eval eventtype=if(isnull(eventtype),"null",eventtype) | fields eventtype, host |chart count by eventtype, host |addcoltotals | addtotals fieldname=Totals

if the events have no eventtype, then the field will be created and populated with "null"

Reply
Solved! Jump to solution

a212830
Champion
‎04-27-2012 12:15 PM

lost me on that - what is it doing?

My search is:
source="/var/opt/trapx/log/traps-all.log" | fields eventtype, host |chart count by eventtype, host |addcoltotals | addtotals fieldname=Totals

Which works fine, but ignores "non-eventtypes". I want to include totals for these in my chart.

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...