Hello!
I'm fairly new to Splunk, and I'm using my Minecraft server logs to chart some data. I am having a hard time charting rare values. Here is the search I'm trying:
index=minecraft action=block_broken
| rare block_type
| chart count(block_type) over player by block_type useother=f
This does not work. I know I'm doing this incorrectly, but I'm not sure how, exactly. Any tips would be greatly appreciated!
Hi jonkeiser,
after rare command you have only three fields: block_type, count and percent; so you don't have field "player" more.
You should use a different approach, something like
index=minecraft action=block_broken
| chart count(block_type) over player by block_type useother=f
Bye.
Giuseppe
This won't return the rare values, though, which is what I need. I am already using that search to return the top values.