Hi, sorry if I am asking a duplicate question.
Looking for something like this....
1) I have a list of source IPs in a CSV file, which I want to exclude from the results.
2) Then filter the results with different fields.
index=abc_splunk sourcetype=access_log uri!="/healthcheck" |lookup Source_IPs.csv rIP OUTPUT rIP as RealIP | where isnull(RealIP) | stats count by uri,http_status
This works, but if I add "stats count by realIP, uri,http_status" then it doesn't work.
Do I need to use "fillnull" as well here? If yes, then how can I use it for different fields?
Thanks,
DD