Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

why does some of the fields in the SH starts with #

rajneeshdba
Explorer
‎01-24-2019 11:20 AM

why does some of the fields in the SH starts with # , and others not .

Tags (1)
0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎01-24-2019 12:00 PM

The # sign represents numeric fields which can be used in stats to calculate an aggregate value whereas the a symbol represents alphanumeric and cannot have its values calculated by a stats command

Example:

If you have a numeric field called duration, you can do this

| stats avg(duration)

If its alphanumeric, you will not get a value returned from stats

0 Karma
Reply

ddrillic
Ultra Champion
‎01-24-2019 11:49 AM

The ones with # are numerical fields.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...