Hi, I am storing the events containing subscribers per subscription topic.
The events look like this:
{"type":"subscriptions","details":{"topic":"topic1","subscribers":["192.168.74.25","10.132.45.54"]}}
...
{"type":"subscriptions","details":{"topic":"topic2","subscribers":["192.168.74.26","10.132.45.54"]}}
...
I want to count all subscriptions per subscriber and plot it over time.
Until now I managed to extract the list of subscribers using this Splunk query:
source="mysource" | chart values(details.subscribers{}) as subscribers
I guess I should now use it in a subquery?
Any help would be appreciated!
Thanks,
L.