I have two fields that are numerical fields. When I try a search that says: index="test" AND field1 > field2 I get no results when I know that shouldn't be the case. ...
I have a query where I do a bunch of computations, and then at the end of it, I want to add a new field based on the result of a comparison of the numeric values of 2 other fields. Here is that e...
So, our application logs duration times of logged method calls as ..dT=XXXms.. and I would like to use this for nice splunk graphs.
This works brilliantly if I use a query like this (in advanced...
I'm trying to extract value from a field in the raw text using a regular expression. I want the field values to be extracted in numeric format, but when I field extraction the value is in a string....
In search language, is there a way to add the values stored in a multi-value field provided they are all numerical values?
I assume this might be possible with a rather excessive use of the eval f...
Suppose I have some numerical field A, and some numerical multivalue field, mv_B.
Suppose I want to find all values in mv_B that are greater than A.
I envision something like the f...
Hello Splunk Ninjas,
First time I've seen this: I have two fields, clearly recognised as numeric fields by Splunk. They are named:
"Put Count"
"Put1 Count"
I want to sum these fields, so I...
Hello, I am trying to combine couple of fields data separated by a dash. Tried few options but could not get the expected output. My query is: index=test sourcetype="test-abc" ("enter s...
Hi,
I am looking to use predict command with multiple fields without typing all their names.
For example I know it can be used like this:
Make results |Predictfield1 field2 field...