Is there a way to change the _time field of imported data to be a custom extracted datetime field? Or at least some way to specify a different field used by the time picker? I have seen some s...
Hi,
I have the below scenario. Image_Name and Name_Space are being ingested with the below variations in table A. Image_name is a multivalued field as shown. I tried using makemv delim but it doesn't work b...
Hi Splunk Team I am having issues while fetching data from 2 stats count fields together. Below is the query: index=test_index | rex "\.(?<TestMQ>.*)\@" | eval Priority_Level=case(P...
{"log":"{\\"instanceId\\":\\"abc-fdh-48f-4432\\",\\"requestType\\":\\"ABC\\"}
Using the above sample log, how to extract the request type and instanceId field values?
Hi Splunkers! I need to extract the specific field which doesn't consist of sourcetype in logs, Fields to extract - OS, OSRelease Thanks in Advance, M...
Hi.
Let's say there are fields named "raw".
The values are like this.
http-header1=value1|http-header2=value2..
Number of HTTP Headers is 1 to 4.
ex)
METHOD=POST|User-Agent=Mozilla|HTTP-C...
I have a multivalue field, which I would like to expand to individual fields, like so: | makeresults count=1
| eval a=mvappend("1","7")
| eval a_0=mvindex(a,0,0)
| eval a_1=mvindex(a,1...