Hi, I would like some help doing an eval function where, based on the values of 3 fields, it will determine if the eval field value will be either OK or BAD.
Example: these are the 4 fields in total (h...
I'm trying to understand the functionality of keepevicted. I've read several pieces of documentation about it but it's still not clear. I've made a search with transaction. Without keepevicted I get 5...
So I have a field named "domain" that has values of single domains (A, B, C) and combinations of domains with two different values.
A B C A/B A/C A, B C, D I can successfully split the value...
I have this search that is working and returning an average Delay value: Search Command
| eval epoch_timestamp=strptime(timestamp,"%Y-%m-%dT%H:%M:%S.%3N%:z")
| stats range(epoch_timestamp) as Del...
Can someone help me break down this portion of a search? Is it saying, look for anything older than 30 minutes? eval recent = if(latest > relative_time(now(),"-30m"),1,0), realLate...
Hi Splunkers,
When I'm running the first search it returns a zero value, whereas the second search gives the correct value. Explain to me how it's working.
Search 1:
|stats count | eval next_time=relat...
I am new to Splunk. Can someone please explain to me what the query below is doing, what the 1 means at the end of Sourcetype and Like, and what 1=1 is?
Thanks in advance
| eval UseInSummary=case(
...
Hoping someone can help me get past the last hurdle. I'm trying to create a custom function that dynamically calls other custom functions. I've got the part of generating the list o...
Hi Team, I have several Dashboards that contain base searches data from reports for example: <search id="baseSearch" ref="Report"></search> but, I se...
...plunkd daemon via Systemd on all instances and checked the infra. All functional and the cluster remains operating properly, ingesting data, clustering operations correct. However... there is one flaw a...