Hello, I have to build a query on Splunk, on which I am a real newbie.
I have a sheet in which every record contains a name, an event, some points related to the single event and a sum of the points that comes from all the previous events plus the present one.
E.g.:
| Person | Action        | Pt | Tot |
| John   | "eats a pie"  |  1 |   1 |
| John   | "does a jump" |  3 |   4 |
| John   | "goes to bed" |  5 |   9 |
| Tim    | "tells a lie" |  7 |  11 |
The query output should be something like this:
| Person | Pt | Tot |
| John   |  9 |   9 |
| Tim    |  7 |  11 |
As a next step, if the two values do not match (like for Tim), then an alert is raised.
What query can I implement?
Thank you.
Paolo
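The reconciliation the post asks for, as an added example that is not part of the original post or of any answer on the page: it loads the sample sheet from the post as a CSV (constructed inline from the table above), computes per person the sum of Pt and the Tot carried on that person's last row, and flags the persons where the two disagree. A second, row-level check walks the running total so the first row where Tot stopped matching is also reported, which is what you want to see when the alert fires. The CSV layout, the function names and the assumption that rows are in sheet order are mine, not the post's.

```python
import csv
import io
from collections import OrderedDict

# Constructed sample sheet, copied from the example table in the post (not real data).
SHEET_CSV = """Person,Action,Pt,Tot
John,eats a pie,1,1
John,does a jump,3,4
John,goes to bed,5,9
Tim,tells a lie,7,11
"""


def load_rows(text):
    """Parse the CSV sheet into a list of dicts with numeric Pt and Tot."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "Person": r["Person"].strip(),
            "Action": r["Action"],
            "Pt": int(r["Pt"]),
            "Tot": int(r["Tot"]),
        })
    return rows


def reconcile(rows):
    """Per person: the sum of Pt over all rows and the Tot carried on the last row.

    Rows are assumed (my assumption) to be in sheet order, i.e. chronological,
    which is why the last row's Tot is taken as that person's final running total.
    Output order follows the order in which each person first appears.
    """
    summary = OrderedDict()
    for r in rows:
        entry = summary.setdefault(r["Person"], {"Pt": 0, "Tot": None})
        entry["Pt"] += r["Pt"]
        entry["Tot"] = r["Tot"]
    return [{"Person": p, "Pt": v["Pt"], "Tot": v["Tot"]} for p, v in summary.items()]


def alerts(summary):
    """Persons whose summed Pt disagrees with their final Tot: the alert condition."""
    return [s for s in summary if s["Pt"] != s["Tot"]]


def running_total_errors(rows):
    """Row-level check: every row where Tot differs from the running sum of Pt
    for that person. Returns (row number, person, expected Tot, Tot in sheet)."""
    running = {}
    bad = []
    for idx, r in enumerate(rows, start=1):
        running[r["Person"]] = running.get(r["Person"], 0) + r["Pt"]
        if running[r["Person"]] != r["Tot"]:
            bad.append((idx, r["Person"], running[r["Person"]], r["Tot"]))
    return bad


if __name__ == "__main__":
    rows = load_rows(SHEET_CSV)
    summary = reconcile(rows)
    for s in summary:
        print(f"{s['Person']:<6} Pt={s['Pt']:>3} Tot={s['Tot']:>3}")
    for s in alerts(summary):
        print(f"ALERT: {s['Person']} sum(Pt)={s['Pt']} but Tot={s['Tot']}")
    for idx, person, expected, got in running_total_errors(rows):
        print(f"  row {idx}: {person} expected Tot={expected}, sheet says {got}")
```

For the sample data this reports John 9/9, Tim 7/11, one alert for Tim, and row 4 as the row where the running total broke. The same per-person reconciliation in SPL, assuming the sheet has been uploaded as a lookup called points.csv and that Splunk keeps the file's row order (both are my assumptions, not something the post states), would be `| inputlookup points.csv | stats sum(Pt) as Pt last(Tot) as Tot by Person | where Pt != Tot`; saved as a scheduled search with an alert trigger on "number of results greater than 0" it raises the alert whenever a mismatch exists. If Pt can be negative, `last(Tot)` is the safer choice over `max(Tot)` precisely because it does not rely on the running total being monotonic.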