Hi Guys, in my scenario I want to compare two column values. If it's a match, it's fine; if the values are different, I want to display both field values in some colour in the Splunk dashboard....
Hi All, I have an output from a lookup table in Splunk where the team work timings field is coming as: TeamWorkTimings 09:00:00-18:00:00. I want the output to be separated into two fields, like: T...
...rror while processing*","ERROR", priority="WARN","WARN",priority!="ERROR" AND tracePoint!="EXCEPTION" OR message!="*(ERROR):*","SUCCESS") |stats values(Status) as Status by transactionId
Thanks in Advance Hi Guys, I need to extract limited values from fields: Query : index="mulesoft" applicationName="s-concur-api" environment=PRD priority timestamp
| search NOT message IN ("A...
Here is my search in question, the common field is the SessionID
index=eis_lb apm_eis_rdp
|fillnull value="-"
|search UserID!="-"
| rex field=_raw "\/Common\/apm_eis_rdp:ent-eis[:a-zA-Z0-9_.-](?'S...
I have some JSON output that is in key value structure (protobuf3 formatted--this is OTLP data going into Splunk Enterprise events) and it has multiple values in each field. There are multiple key valu...
Hi, the lookup field values must match the field values returned by the query, and the results must be shown as yes/no depending on whether the match happens, but we are unable to match and are u...
Hi all, I am new to Splunk, and I have got the following error: "Field '_time' should have numerical values" when I try to run a timechart command. I have got a csv file 'try.csv', w...
Hello Splunk Community, I'm encountering challenges while converting multivalue fields to single value fields for effective visualization in a line chart. Here's the situation: Output : rwws01&n...
...ename id as sessionID
| fields apiName, payload, sessionID
WAF search:
index=waf
| fields src_ip, requestHost, requestPath, requestUserAgent, sessionID
My attempt to join them on the s...