...as value) I intend to combine this arbitrary, literal dataset with another query, but I want to ensure that there are rows for 'dev', 'beta', and 'prod' whether or not Splunk is able to f...
...<Project> literals with - or <Version> literals with no SNAPSHOTS.
index=eicoe_tibco_ia sourcetype=eicoe_tibco_ia "wsdl" | rex field=iaSource "(/\w*)+(/\w*)+(/\w*)+(/\w*)+(?<i...
... Error in 'search' command: Unable to parse the search: Right hand side of IN must be a collection of literals.'(sender = "*google.com*")' is not a literal.
What is the most elegant way of searching for events where a field is not in a list of values? For example:
index=foo | iplocation foo_src_ip | search Country IN ("France", "United S...
I'm using a regular expression to locate a certain field in a particular event and then return results where the contents of that field are "like" a certain string. However, what I'm finding is t...
...eturns this error and I can't seem to figure out how to fix it. Any help would be appreciated.
Error in 'search' command: Unable to parse the search: Right hand side of IN must be a collection of literals....
I would like to perform a regular expression search without any field extraction. I know you can do asterisks for things that start with what you're looking for, but all I have is a format of s...
...f literals. The main search eventtype=dsp_inventory device_control_tags="IMPORTANT*" code IN([subsearch) My question is how can I format the subsearch in a way that on the main search i...
...he issue I'd like to convert the pivot expression into an equivalent non-pivot search expression.
To do this manually, the only solution I've thought of so far involves ~50 joins (one for each c...