Hi guys,
My problem is how to make the following query work:
| pivot Cisco_IOS_Event Cisco_IOS_Event count(host) AS "Count of host" avg(severity_id) AS "Average of severity_id" count(Cisco_IOS_Event) AS "Count of Cisco IOS Event" SPLITROW host AS host SORT 100 host ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1 FILTER host is $host$
where $host$ refers to a field of a checkbox as
I have no problem if there is only one network, but the AND or OR operators are making my head spin, because they are not allowed if prefixed to the PIVOT query: "The pivot command can only be used as the first command on a search"
Any idea about how to solve this?
Many thanks
Hi @null0,
Try "in" in your filter:
| pivot Cisco_IOS_Event Cisco_IOS_Event count(host) AS "Count of host" avg(severity_id) AS "Average of severity_id" count(Cisco_IOS_Event) AS "Count of Cisco IOS Event" SPLITROW host AS host SORT 100 host ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1 FILTER host in $host|s$
And set the token so that the values are in a format (value1,value2,value3,etc)
Reference : http://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Pivot#Descriptions_for_filter_elem...
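One way to get a checkbox token into the (value1,value2,value3) format described in the answer above, as an added Simple XML example that is not part of the original thread. The host names and the label are constructed sample values; only the token name `host` comes from the thread.

```xml
<!-- Added example: checkbox input whose token expands to (value1,value2,value3).
     Host names and the label are constructed sample values. -->
<fieldset submitButton="false">
  <input type="checkbox" token="host" searchWhenChanged="true">
    <label>Hosts</label>
    <choice value="router-a">router-a</choice>
    <choice value="router-b">router-b</choice>
    <choice value="switch-c">switch-c</choice>
    <!-- Wrap the joined selection in parentheses -->
    <prefix>(</prefix>
    <suffix>)</suffix>
    <!-- Join the selected values with commas; the default delimiter is a space -->
    <delimiter>,</delimiter>
  </input>
</fieldset>
<!-- Selecting router-a and switch-c sets $host$ to: (router-a,switch-c) -->
```

Because the whole list is built in the token itself, no AND or OR has to be placed in front of the pivot command.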
guys! no idea how to solve this?
Please