...R sourcetype=yyy) NOT host="oo" | fieldsummary | eval test="xxx" | eval reference="yyy" | table field test field reference
I know it's wrong, but that's where I am at the moment. I need to have m...
Hello, I have XML data as values of requestbody field in Splunk search below, need field summary on the break down of XML data, XML data is complex one and provided a sample of the XML data, how to ...
Hello
How can I get only results for specific fields where field name is like something ?
fx.
get all fields which have "status" in their field name.
I tried this but It doesnt work:
st...
...se to strip off all the fields and their extracted fields but I have no idea where they are coming from, what is their sourcetype and source:
index=*
fieldsummary
| search values!="[]"
| rex f...
I am using Splunk ES and trying to match my IDS logs to the Intrusion Detection data model. I thought I did all preparatory steps required but when clicking in the ES app Search > Datasets > ...
Hi
I'm trying to search for multiple strings within all fields of my index using fieldsummary, e.g.
index=centre_data
| fieldsummary
| search values="*DAN012A Dance*" OR values="*2148 FNT004F N...
I am trying to better learn what data is in the indexes at my company. There is a command that gives you something like a summary of an index (or index and source type), but I forget that...
Hi All, I need your help to get list of all field names in a dropdown filter from SPL results at runtime. Description: - I have a SPL in panel section of the dashboard. I need to get the co...
I have events with JSON in them and I need to know what % of the time each field appears.
The fieldset in the events is not consistent, sometimes an event has many, sometimes only a few, the name ...