Forgive my newbiness. I've been working with Splunk for many years but not developing reports. I have a report that works well. After the search criteria and all are completed, the following shows the report...
timechart span=30m max(ms) as MS, by server
| eval Time=strftime(_time,"%H:%M:%S %m/%d/%Y")
| untable Time, server, ms
| sort +Time
I got Time and server and ms columns beautifully.
However, there is a field called APP that I would like to also display a column for. How can I get the report to included this column?
↧