Hi@all,
i'm new a splunk and been trying to figure out this for a while now. But for me it is not possible to add a additionally column with a count of unique ip (ip2) adresses to my existing chart.
My serach string :
index="xxx_prod" environment="p" (ZS-2200150 OR ZS-2200039 OR ZS-2200044 OR ZS-2200045 OR ZS-2200046 OR ZS-2200068 OR yyy-021024 OR ZS-2200054 OR ZS-2200056 OR ZS-2200046 OR ZS-2100018 OR xxx-050001) | eval week=strftime(_time, "%V/%Y") | eval error_text=if(like(error_text,"%<text>%"),"Ohne Bezug dürfen ausschließlich wechselwirkungsrelevante Abgaben gespeichert werden", error_text) | rex field=error_text mode=sed "s/\..*$//" | rex field=error_text mode=sed "s/\(.*$//" | rex field=error_code mode=sed "s/xxxx-050003/EMED-021024/g" | eval error_text2 = replace(error_text,",", " ") | eval Fehlermeldung=error_code. " " .error_text2. " - " .environment . " - " . application1 | rex field=_raw "IP: (?<ip2>[^,]+)" | chart count(Fehlermeldung) by Fehlermeldung week | sort Fehlermeldung
Result:
Fehlermeldung 10/2018
ZS-2100018 Proxy-Request....... 431
ZS-2200044 Bei der Abfrage...... 12
.................
But i would like this result:
Fehlermeldung 10/2018 UniqueIP
ZS-2100018 Proxy-Request....... 431 12
ZS-2200044 Bei der Abfrage...... 12 3
.................
Thanks for the help in advanced.
... View more