Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

why does some of the fields in the SH starts with #

rajneeshdba
Explorer
‎01-24-2019 11:20 AM

why does some of the fields in the SH starts with # , and others not .

Tags (1)
0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎01-24-2019 12:00 PM

The # sign represents numeric fields which can be used in stats to calculate an aggregate value whereas the a symbol represents alphanumeric and cannot have its values calculated by a stats command

Example:

If you have a numeric field called duration, you can do this

| stats avg(duration)

If its alphanumeric, you will not get a value returned from stats

0 Karma
Reply

ddrillic
Ultra Champion
‎01-24-2019 11:49 AM

The ones with # are numerical fields.

0 Karma
Reply
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...