Hi was wondering if possible, how to convert a date field into an abbreviate Month (Jan , Feb, Mar, Apr)
So the 2 fields on the left are existing fields and the ones on the right would be the new o...
Is there a way to display the full timezone and not just the abbreviation? The SPL I am currently using is:
| eval zone=strftime(time(),"%Z %z")
However this just gives me the abbrevi...
...raffic sourcetype="csv" | stats count by "Driver State" | geom geo_us_states featureIdField="Driver State"
I cannot figure out how to get Splunk to read the abbreviations, unless it is something more o...
Does anyone know if/how you can create a choropleth map in Splunk using state abbreviations? I have been trying the following search but to no avail.
index=traffic sourcetype="traffic_logs" | s...
Hi,
I need my charts in Splunk to be displayed in SI International System of Units (metric system).
When using "Number Abbreviations" in format Y-Axis the prefix of 10^9 will be display as B...
I wanted to extract the first word that comes after the timestamp.
The time stamps are of varied formats
example event1 :
2019-02-05 11:89:17,642 EST BROCOD bla bla bla ......
example ev...
I'm trying to display results within my panels on my dashboard for the previous week Sunday at 12am to Sat at 11:59:59pm. I've tried using -w0 to -w6, but it keeps throwing date range error. And I ...
I am trying to create a Choropleth map for US states where i am trying to show the number of sales per States, my SPL is:
stats count(sales) as Sales by STATE_CD |geom geo_us_states featureIdField=...
Summary indexing produces a lot of psrsvd_* fields. What do they stand for? I presume they're acronyms or abbreviations. Here are some examples when averaging the number of bytes returned per c...