I am trying to map incoming events to CIM fields using aliases. I followed the documentation here — https://docs.splunk.com/Documentation/Splunk/7.1.3/Knowledge/Addaliasestofields — but it didn't w...
Hi
I created a calculated field called "SUCCESS" using Splunk Web on sourcetype. The calculated field eval condition is like `if(TYPE="S", "Success", null)`. Now I am trying to use this calculated field...
I installed the Cisco eStreamer for Splunk on my Splunk App for Enterprise Security search head, but noticed that field aliases created by the app are viewable from Search & Reporting, but not v...
...f the fields I just defined are there. Very strange. What am I missing?
15:15:55.664 | [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] | DEBUG | splunk - | {'e...
...orking properly. I've just created 7 aliases for a field in one sourcetype, and the search results are inconsistent:
index=foo sourcetype=bar | stats count(src),count(shost2),count(shost3),count(t...
I have a dashboard showing website user journey data by reading various elements from a log message. Now the structure of logs has been changed in such a way I will have to change my q...
Hi,
I need to create a calculated compliance field in Splunk Web.
The field should have values like full, light, expanded and none in it.
Please help me out in creating this using eval f...
I've created an extracted field using the field extractor GUI in Splunk Web. When I created it, there were two values for that field. Now that further logs have been processed, there is a new value f...
...idn't work for me. I think the field id is causing me issues since `*` are normally Splunk internal variables. Any thoughts on how I should approach this?
TIA
Joe