I have openshift log configured in splunk and below API results capturing under “log{}” and “pod_name” available under kubernate (kubernate.pod_name). API response time is capturing in the result last 234 ms. I want to fetch only that response time against each distinct pod name.

I have openshift log configured in splunk and below API results capturing under “log{}” and “pod_name” available under kubernate (kubernate.pod_name). API response time is capturing in the result last 234 ms. I want to fetch only that response time against each distinct pod name.

I have openshift log configured in splunk and below API results capturing under “log{}” and “pod_name” available under kubernate (kubernate.pod_name). API response time is capturing in the result last 234 ms. I want to fetch only that response time against each distinct pod name.

I have transactional data, meaning each entry contains a transaction_id. I want to group by transaction_id and create some aggregates, like count unique values of some attributes. Then I want to filter the data using those aggregates, and only transactions which contain single values on those aggregated attributes should remain in the result.
Similar lile in SQL with GROUP by and HAVING clauses.