Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

distinctfields #26

Open
vijayadhandapani opened this issue Nov 4, 2019 · 2 comments
Open

distinctfields #26

vijayadhandapani opened this issue Nov 4, 2019 · 2 comments
Assignees
@doksu
Labels
question

Comments

@vijayadhandapani
Copy link

vijayadhandapani commented Nov 4, 2019
edited
Loading

I tried to create correlation search in Splunk SH, but when I tried to save it says "distinctfields" search command does not exists.

Do you suggest any other Correlation search, as suggested search command did not work?

Please find atatched screenshot from Splunk SH.

distinctfields
@vijayadhandapani
Copy link
Author

I have installed set operations add-on on my Splunk Search Head. Still correlation search did not work, when I try to run, it did not produce any result.
Instead I tried to use distinctstream command which in turn produced result, but I am trying to understand what these two commands distinctfields and dictinctstream are used for? Please assist.

@doksu
Copy link
Owner

doksu commented Nov 8, 2019
edited
Loading

Hi @vijayadhandapani,

Thanks for the question. Have you restarted Splunk on the search head after installing the setops app?

Could you please try the sample searches in the documentation: https://github.com/doksu/setops/wiki#distinctfields-command

Please see the documentation above for the difference between the two commands.

Thanks

@doksu doksu self-assigned this Nov 8, 2019
@doksu doksu added the question label Nov 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@doksu doksu

Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@doksu @vijayadhandapani