Hello, I have 2 fields I want to filter they are: name, "short name" I want to pull all the events that contains: name="software" or "short name"=software" and exclude: "Splunk" "Ado...
Hello everyone, I have multiple fields and i want to extract an ID from it. (That's the only value that changes in it) My fields are : class, method, message, nb. Message field is like this : "] i...
I'm trying to join 2 lookup tables. To make the logic easy to read, I want the first table to be the one whose data is higher up in hierarchy.
| inputlookup Applications.csv
| fields AppNo, App...
Here is the requirement: I wanted to create a form with list of Apps in my Search head Dropdown. If the Developer choose any App from the list then it should show what level of permission (Read / Wr...
Hi, how do I sum multiple columns using multiple columns? For instance, my data looks like this:
How do I get two columns with just Name and Quantity that would combine the results in the ta...
Hi,
I wonder whether someone may be able to help me please.
I'm trying to extract the "1234567/123" from the string below, but I'd like the final output to be "1234567123".
"/for/1234567/1...
Hi,
I have an index with one field as a timestamp, "SESSION_TIME", and another field, "SEQUENCE". The "SEQUENCE" field is unique for each event and i am tasked to replace the seconds part of each t...