|
Hello I have two searches:
Search A: Search B: I want to connect these two searches into one and represent it as a single value. I've tried sth like this: But I get error: Is there a way to connect/concatenate two searches into one and visualize this as a single value? Best Regards, C4r7m4n |
|
Hello @Ayn Yes, You were right I didn't notice the search word. I've changed this and it's worinking but I don't know why it's counting 2 time more :( This is my changed search:
With code: it's counting to 6 instead 3. Do you have any idea why? |
|
Use http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Append Hello @Ayn I tried a couple of seconds ago what you have sent me and I've got error: Search operation 'bgp' is unknown. You might not have permission to run this operation.
(11 Apr '12, 02:28)
C4r7m4n
At the start of a search within [ ] to need to use the word search. I suspect you have copied and pasted your original search into the brackets.
(11 Apr '12, 02:40)
Drainy
|
|
Try: Hello @dart Your code doesn't work for me. I have the same error as befor: Error in 'search' command: Unable to parse the search: unbalanced parentheses. Secondly, i think it cannot work because in Search A there is not word neighbor so if you concatenate two first searches and the try to search regexp by neigbour, then when search A occure the regexp will not filtr this. I don't know if I wrote this clearly...
(12 Apr '12, 01:42)
C4r7m4n
|
