Could someone please tell me what this does? I'm in the process of learning Splunk and knowing what each part of this search does would really help me. Thank you so much!
| tstats `s...
...enerate them. So, the Pivot tool lets you report on a specific data set without the Splunk Search Processing Language 2) It's possible to refer to the CIM data models to normalize d...
...search like:
index="index" sourcetype="sourcertype" field1="*" field2="*"
I expect all the results because I am not filtering anything... but instead I get only a small fraction of the i...
How can this SQL "like" query be translated into something the Splunk search language can understand?
select count(*) from LOG start from X time till Y time
select uniquecount(deviceGUID) f...
Are all these OK?
* | STATS COUNT
* | stats count
* | STATS count
* | stats COUNT
Conclusion: search lang keywords (what I meant) break down as so:
Must be uppercase: OR, NOT
Must b...
...arentheses and OR work in search language? How could two examples above yield different results with foo and bar being distinct sources?
We had these as two distinct eventtypes, but got weird results when i...
Hi
I am trying to figure out how to count 'abc' string in the following string field.
2012/07/21 16:18:30 string=bbacbacbaabbacbaabbccaacbacbaabbacbacbaabcccbaabccaacbabca
2012/07/21 16:18:3...