


In this section you will learn how to correlate events by using subsearches.

A subsearch is a search that is used to narrow down the set of events that you search on. The result of the subsearch is then used as an argument to the primary, or outer, search. Subsearches are enclosed in square brackets within a main search and are evaluated first.

Let's find the single most frequent shopper on the Buttercup Games online store, and what that shopper has purchased. The following examples show why a subsearch is useful. Example 1 shows how to find the most frequent shopper without a subsearch. Example 2 shows how to find the most frequent shopper with a subsearch.

You want to find the single most frequent shopper on the Buttercup Games online store and what that shopper has purchased. Use the top command to return the most frequent shopper. To find the shopper who accessed the online shop the most, use this search.

sourcetype=access_* status=200 action=purchase | top limit=1 clientip

The limit=1 argument specifies to return 1 value. The clientip argument specifies the field to return. This search returns one clientip value, 87.194.216.51, which you will use to identify the VIP shopper. The search also returns a count and a percent. These are the default fields that are returned with the top command.

You now need to run another search to determine how many different products the VIP shopper has purchased.
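The evaluation order described above (inner search first, its result handed to the outer search as a filter) can be modelled outside Splunk. This is an added example, not part of the tutorial: the events are constructed, and the productId field and its values are assumptions used only for illustration.

```python
from collections import Counter

# Constructed sample events. status, action and clientip are fields named on
# the page; productId and the P-00x values are assumptions for this example.
EVENTS = [
    {"clientip": "87.194.216.51", "status": 200, "action": "purchase", "productId": "P-001"},
    {"clientip": "87.194.216.51", "status": 200, "action": "purchase", "productId": "P-002"},
    {"clientip": "87.194.216.51", "status": 200, "action": "purchase", "productId": "P-001"},
    {"clientip": "87.194.216.51", "status": 503, "action": "purchase", "productId": "P-003"},
    {"clientip": "192.0.2.10", "status": 200, "action": "purchase", "productId": "P-002"},
    {"clientip": "192.0.2.10", "status": 200, "action": "view", "productId": "P-001"},
    {"clientip": "198.51.100.7", "status": 200, "action": "purchase", "productId": "P-003"},
]

def base_search(events):
    """Models the filter `status=200 action=purchase`."""
    return [e for e in events if e["status"] == 200 and e["action"] == "purchase"]

def top(events, field, limit=1):
    """Models `top limit=N field`: the value plus the default count and percent."""
    counts = Counter(e[field] for e in events)
    total = sum(counts.values())
    return [{field: value, "count": n, "percent": round(100.0 * n / total, 2)}
            for value, n in counts.most_common(limit)]

def subsearch_filter(rows, field):
    """Turns subsearch result rows into a field=value filter for the outer search."""
    wanted = {row[field] for row in rows}
    return lambda event: event[field] in wanted

def vip_purchases(events):
    """Models: <base search> [ <base search> | top limit=1 clientip ] in one pass."""
    inner = top(base_search(events), "clientip", limit=1)  # bracketed part runs first
    keep = subsearch_filter(inner, "clientip")
    outer = [e for e in base_search(events) if keep(e)]    # outer search, narrowed
    products = sorted({e["productId"] for e in outer})
    return {"clientip": inner[0]["clientip"], "purchases": len(outer),
            "distinct_products": len(products), "products": products}

if __name__ == "__main__":
    print(top(base_search(EVENTS), "clientip"))
    print(vip_purchases(EVENTS))
```

The failed request (status 503) and the view event are excluded by the base filter before the inner search counts anything, so they affect neither the chosen clientip nor the product list.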
