Splunk - Mastering SPL (Grouping and correlating)
SPL commands:

Transaction

    index=main sourcetype="access_combined_wcookie"
    | transaction JSESSIONID
    | stats max(duration)

    index=main sourcetype="access_combined_wcookie"
    | transaction JSESSIONID clientip startswith="action=view" endswith="action=purchase"

Subsearch

    index=main sourcetype="access_combined_wcookie"
        [ search index=main sourcetype="access_combined_wcookie"
          | stats count by productId
          | sort 1 count
          | fields productId ]

Append
No of purchases for 2 days and for ALL TIME

    index=main sourcetype="access_combined_wcookie" action=purchase earliest=-60d latest=-59d
    | top limit=2 productId showperc=f
    | eval timeperiod="Just for 2 Days"
    | append
        [ search index=main sourcetype=access_combined_wcookie action=purchase earliest=1 latest=now
          | top limit=2 productId showperc=f
          | eval timeperiod="All time" ]

Append (No of 500 http Errors on two consecutive days)

    index=main sourcetype="access_combined_wcookie" status=5* earliest=-60d latest=-59d
    | stats count as "Day 1 Errors" by status
    | append
        [ search index=main sourcetype=access_combined_wcookie status=5* earliest=-59d latest=-58d
          | stats count as "Day 2 Errors" by status ]

Appendcols (No of 500 http Errors on two consecutive days)

    index=main sourcetype="access_combined_wcookie" status=5* earliest=-60d latest=-59d
    | stats count as "Day 1 Errors" by status
    | appendcols
        [ search index=main sourcetype=access_combined_wcookie status=5* earliest=-59d latest=-58d
          | stats count as "Day 2 Errors" by status ]

Appendpipe
Include the grand TOTALS for categories

    index=main sourcetype="access_combined_wcookie" categoryId IN (arcade, sports, tee)
    | stats count by categoryId productId
    | appendpipe
        [ stats sum(count) as count by categoryId
          | eval productId="TOTAL of ALL Products" ]
    | sort categoryId