Hi,
I'm running Splunk 6.6 and I like to set something like a "default" value in the case that there was nothing found with the SPL querry.
The result I get is:
SystemA_primary 4000
SystemA_secondary 100
SystemB_secondary 3000
But I like to get something like this:
SystemA_primary 4000
SystemA_secondary 100
SystemB_primary 0
SystemB_secondary 3000
SystemX_primary 0
SystemX_secondary 0
I tried it with the following querry without success:
index=log 'gateway'
| rex field=source "\/\w+\/\w+\/log\/(?\w+)\/\w+\_(?\w+)\/.*"
| eval Inst= Env+"_" + instance
| stats count as connections by Inst
| makecontinuous source
| fillnull value=0 connections
Thanks for your tips and answers.
↧