Hello all,
1) I would like to have a matrix of correlation (with |correlate) for the attributes (more than 20) of my table. I have a table like this:
Date          Occurences    Attribute
10/05/2013    1100          Attri1
10/05/2013    537           Attri2
10/05/2013    837           Attri3
11/05/2013    1218          Attri1
11/05/2013    496           Attri2
11/05/2013    868           Attri3
Is it possible to obtain this table with splunk commands?
Date          Attri1    Attri2    Attri3
10/05/2013    1100      537       837
11/05/2013    1218      496       868
Specification: Date, ATTR1 and ATTR2 are the names of the columns.
2) I tried to use a Perl script and I get this error:
"External search command 'test' returned error code 2"
What should I do?
Based on the table you have you can just add the following to your search:
| timechart span=1d last(Occurences) by Attribute
I'm assuming that the table is created by a Splunk search and that the Date column is the _time field.
If you have further questions, let me know.
Thank you!