Hi,
I am very new to splunk and wanted to know if someone can help me in groping columns fo rmy query below :
source="metric.log" sourcetype="alerts" |
eval Diff=strptime(alertTs, "%Y-%m-%d %H:%M:%S")-strpTime(tranTs, "%Y-%m-%d %H:%M:%S") |
stats count(alertId) as Total,
count(eval(Diff<60)) as Less_Than_1M,
count(eval(Diff>=60 and Diff<300)) as Within_1M_5M,
count(eval(Diff>=300)) as Greater_Than_5M|
eval percent_Less_Than_1M=((Less_Than_1M/Total)*100)|
eval percent_Within_1M_5M=((Within_1M_5M/Total)*100)|
eval percent_Greater_Than_5M=((Greater_Than_5M/Total)*100)|
stats values(Less_Than_1M) as Count_Less_Than_1min, values(percent_Less_Than_1M) as Percent_Less_Than_1min,
values(Within_1M_5M) as Count_Between_1-5min, values(percent_Within_1M_5M) as Percent_Between_1-5min,
values(Greater_Than_5M) as Count_More_Than_5min, values(percent_Greater_Than_5M) as Percent_More_Than_5min
I want to display a table like this :
Thankyou for help
Aditi
... View more