I am trying to include something in my query like this:
index=* domain=acbd_1 earliest=-16m@m latest=-1m@m | bin _time span=15m | stats avg(responsetime) by domain | stats values(avg(responsetime)) as avg_res_time by _time, domain | eval ts_time=_time * 1000 | where avg_res_time > 2 | top limit=1 avg_res_time by domain, ts_time | table ts_time, domain, avg_res_time, channel, lob
I want the display to be like this:
ts_time domain avg_res_time channel lob
1506542400000 abcd_1 120.83 dot Clear
1506542600000 abcd_1 82.11 dot Clear
1506563400000 acbd_1 9 dot Clear
I want the result as shown in the above table; ts_time, domain, avg_res_time are as extracted from the data we have. I am trying to add "channel, lob" fields with "dot, Clear" values in my Splunk result table by using the query; in other words, I want to predefine the channel and lob values within the query and display them in the table. How can I achieve it? Appreciate the help ASAP, please.