SPL
rangemap command with single value string
Description
1 1
index=_internal sourcetype=splunkd OR sourcetype=splunkd_access | stats latest(sourcetype) as sourcetype | eval sourcetypeidx=case(sourcetype="splunkd",2,sourcetype="splunkd_access",1) | rangemap field=sourcetypeidx severe=0-1 low=2-4 default=low
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.