...irectly in the search. I'm aware that the syntax I'm using here with eval is not the one specified in the documentation, but I'm using it to simulate the calculated field (and it yields the same r...
Hi. When I run the command below, it works fine:
index=toto event_id=4688
| eval file_name=if(event_id==4688, replace(NewProcessName, "^*\\\\([^\\\\]+)$","\\1"),null)
Now I need t...
...og a and log b without doing a subsearch, so far I have
index=a, env=a, account=a ("There is a file" OR "The file has been found")|field filename from log b | field filename2| eval Endtime = _...
...rrayName$ by sgname Array_Name Model
|eval SOT=case(Model="ModelA", 94000, Model="ModelB", 104000), PctIOPS=round((sgIOPS/SOT)*100, 2)
| sort - PctIOPS
| head 5
| table Array_Name Model SOT s...
Hi
As you can see, I use a first eval in order to rename the field "site".
From the site renamed, I need to create a new field called "toto" in order to add new information for the field site.
S...
I'm trying to evaluate the date string to a time format using strptime(). The format I have is: Tue_Oct_25_03:57:49_IDT_2022
The strptime function looks like: strptime(d...