Hello,
I Googled and searched the Answers forum, but with no luck.
Below, in pseudocode, is what I want to accomplish.
eval newfield if oldfield starts with a double quote, newfield equals o...
I am trying to get the DBConnect lookup working against PostGIS for the following geospatial query:
select CASE WHEN speedlimit=0 THEN '25' WHEN speedlimit=99 THEN '>45' ELSE speedlimit::text ...
...internal" source="*metrics.log" per_host_thruput | stats sum(kb) by series
(2) index=_internal type=Usage st!=splunk_metrics | stats sum(b) by h
The first query produces almost double the total i...
Hi, I want to index a fieldName which contains square brackets. Below is the key-value pair format I have, and Splunk is not indexing keys value which consists of [], e.g.: root[60]_level[5]=val...
Hello,
I have Splunk on FreeBSD 8.2 and I collect logs from Cisco IPS with Splunk for Cisco IPS App (using scripted input). Trouble is in timestamps; if an event occurs at the present moment, I see this ev...
...esultSet: java.sql.SQLException: Illegal conversion
When I search for a float or double cast to String, the query executes with no problems; when I query with a Hive command such as avg(), sum(), .....
I am having a problem using a date range.
If I run the search below it returns 2 events and a count of 496
index="test2" (cRecords{}.bDate = "05/16/2019" OR cRecords{}.bDate = "05/17/2019") | s...
I have 2 views. The only difference between the two, that I can tell, is that one of the views has a timerange picker around its saved search.
Here's the skinny
<module name="TimeRangePick...