The "return" command basically returns the result from a sub search to your main search.

"Sub search" in Splunk – A sub search is a search within a primary search. A sub search looks for a single piece of information that is then added as a criterion to the main search. Generally it is a way of adding a condition dynamically to your main search.

The return command automatically limits the number of incoming events with the "head" command and the resulting fields with the "fields" command. Its arguments are:

- `<count>` – Number of results you want to return (default is 1).
- `<alias>=<field>` – Field alias and field name of the values to be returned; you can mention more than one `<alias>=<field>` pair separated by spaces.
- `<field>` – Name of the fields to return; you can mention more than one field name separated by spaces.
- `$<field>` – Name of the fields to return with the "$" sign; you can mention more than one field name separated by spaces.

At first we will see how the "return" command returns the result, then we will use that query as a sub search within a primary search and try to understand the function.

Example 1:

`index="sample_set" sourcetype=access_combined_wcookie action=view status=200 | top ip | return ip`

Here we took data from the "sample_set" index and the "access_combined_wcookie" sourcetype, which consists of data related to an online merchant site. Then we added two filters, "action=view" and "status=200" (i.e. we want to see who viewed our product most), then used the top command to bring out the IPs with the most views, and last we used the return command to return our result.
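As an added example (not part of the original post), here is the same query placed as a sub search inside a primary search over the same `sample_set` index and `access_combined_wcookie` sourcetype. The count of 3 and the outer `stats` are my choices for illustration, not something the post prescribes.

```spl
index="sample_set" sourcetype=access_combined_wcookie
    [ search index="sample_set" sourcetype=access_combined_wcookie action=view status=200
      | top 3 ip
      | return 3 ip ]
| stats count by ip, action, status
```

Splunk runs the bracketed sub search first; `return 3 ip` turns its three rows into a filter of the form `(ip="...") OR (ip="...") OR (ip="...")`, which is substituted into the outer search. The outer search therefore matches every event, of any action or status, from the three addresses that generated the most successful product views, which is the typical way to pivot from "who did the most of X" to "what else did those sources do". Using `return 3 $ip` instead would substitute the bare values without the `ip=` prefix, and `return 3 src=ip` would substitute `src="..."` pairs, which is useful when the outer search's field is named differently from the sub search's.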