Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[STORY] SPL: Add bin #751

Open
nbhavana opened this issue Apr 16, 2024 · 2 comments
Open

[STORY] SPL: Add bin #751

nbhavana opened this issue Apr 16, 2024 · 2 comments
Labels
backend-int

Comments

@nbhavana
Copy link
Collaborator

Description

Add bin command

reference:https://docs.splunk.com/Documentation/SplunkCloud/9.1.2312/SearchReference/Bin

Sample query:
"'\n| search (index=*infra* OR index=*kcap*) sourcetype=infra_process\n[| gentimes start=-1 | eval host=\"koss01-oss01-prx18-app*,koss01-oss01-ins01-orc02-app*,koss01-oss01-mta18-app*\" | makemv delim=\",\" host | mvexpand host | table host | format]\n| table _time host command args\n| bin span=5m _time\n| stats count by host _time command args\n| eval cmd = command . \"|\" . args . \"|\" . count\n| stats values(cmd) as cmds by _time host\n| eval splunkd_count = mvindex(split(mvindex(cmds, mvfind(cmds, \"splunkd\")), \"|\"), 2)\n| table _time host splunkd_count cmds\n| eval cmds = mvjoin(cmds, \"|||\")\n| stats latest(cmds) as cmds by host\n| eval cmds = split(cmds, \"|||\")\n| rex field=host \"^(?<host>.*?)\\..*$\"
@deogadepallavi
Copy link

Hello Team,
Can I work on this issue?
Thanks

@AndrewHess
Copy link
Collaborator

Sure, go ahead!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backend-int
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nbhavana @AndrewHess @deogadepallavi