Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
134 results
Sorted by:
02-02-2021
06:23 PM
Hello, I have 2 fields I want to filter they are: name, "short name" I want to pull all the events that contains: name="software" or "short name"=software" and exclude: "Splunk" "A...
12-08-2019
12:47 PM
From the screenshot, i would like to achieve the below;
LCU04 = 500 x 00000
LCU03 = 500 x 01985
LCU02 = 500 x 01985
LCU01 = 500 x 01985
Then, LCU = (LCU04 + LCU03 + LCU02 + LCU01)
Plea...
- Tags:
- splunk-enterprise
03-04-2016
02:43 PM
...ONG_GRAS
Since field names do confirm to some=data they are automatically extracted.
For some reason some user has §4 in front of name and §r after it.
I have temporary solved this by using SED like t...
09-29-2021
09:25 AM
Hello, I need a help with a search that seems very easy, but I'm unable to achieve the results I want. The events are recieved in diferrent days, but no more than 3 days and the date is in the field...
Labels
- Labels:
-
eval
-
search job inspector
01-19-2018
04:04 AM
...pp=case(app="cisco:wsa:squid","squid") | table _time, app
But using that search as a calculated field always evaluates to zero.
Anyone have any idea why?
07-21-2010
09:06 PM
Hi all,
I am trying to include the contents of a form field into an AND search clause only if the form field is not null.
So, say there are three input fields: field1, field2, and field3.
I...
- Tags:
- form-search
03-30-2017
10:15 AM
Hello Splunkers.
I'm indexing some SNMP data from a server.
Here is one event indexed:
HOST-RESOURCES-MIB::hrStorageDescr."31" = "/"
HOST-RESOURCES-MIB::hrStorageDescr."35" = "/tmp"
HOST-R...
03-01-2019
05:40 AM
Hi,
Let's say we have 2 multivalue fields
Field1={a,b,c,d}
Field2={a,b,c,d,e}
Is it possible to evaluate the difference between these fields and display the additional value of Field2? S...
07-20-2010
12:19 PM
Hi,
I'm having problem with evaluating expression using lookup field. I create a lookup fileld by executing this search:
some search| stats avg(count) as Average | outputlookup Average.csv
N...
03-02-2018
08:56 AM
My data is structured into a JSON with a field inside a block that is as follows
{ "SomeField":"Value",
"serviceInfoBlock":{"SomeOtherField":"Value",
"logID":"V...
