Could someone please tell me what this does? I'm in the process of learning Splunk and knowing what each part of this search does would really help me. Thank you so much!
| tstats `s...
...search like:
index="index" sourcetype="sourcertype" field1="*" field2="*"
I expect all the results because i am not filtering anything... but instead i get only a small fraction of the i...
...enerate them. So, the Pivot tool lets to report on a specific data set without the Splunk Search Processing Language 2) It's possible to refer to the CIM data models to normalize d...
Are all these OK?
* | STATS COUNT
* | stats count
* | STATS count
* | stats COUNT
Conclusion: search lang keywords (what I meant) break down as so:
Must be uppercase: OR, NOT
Must b...
Hi
I am trying to figure out how to count 'abc' string in the following string field.
2012/07/21 16:18:30 string=bbacbacbaabbacbaabbccaacbacbaabbacbacbaabcccbaabccaacbabca
2012/07/21 16:18:3...
...arentheses and OR work in searchlanguage? How could two examples above yield different results with foo and bar being distinct sources?
We had these as two distinct eventtypes, but got weird results when i...
Converted from http://answers.splunk.com/answers/193524/how-to-write-a-search-to-return-events-with-a-vari.html
Hi,
i want to extract this field language:
language:ru-ru
can you please h...