Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
23 results
Sorted by:
08-14-2017
06:21 AM
...escription"=(Message) OR (name) | table ... "Event Description"
.... | eval "Event Description"=Message OR name | table ... "Event Description"
None of these seem to work. They usually give us malform eval express...
12-06-2019
03:32 AM
1 Karma
Hi, One of my value in table is being passed as an Boolean expression as below
(assignment_group = 1213App_Development1 OR assignment_group = App-Testing OR assignment_group = App Support OR a...
09-19-2019
12:16 PM
...reated it as a calculated field(systemid) and gave an eval expression systemid=if(isnull(systemid),"NULL",systemid). Now I get the error "Error in 'eval' command: Fields cannot be assigned a boolean r...
01-20-2016
04:52 AM
...MLField
I've got tens of regular expressions working as field extractions, I've got this particular expression working in search and in a python script, I'm just really out of ideas as to why it's n...
02-19-2021
03:42 PM
...here signature has specific src or cidr range. I seem to be creating unbalanced parenthesis when trying my boolean expressions or Wheres. Please assist
03-15-2019
12:19 PM
Hello there,
I have the next JSON:
{
"idDeclaracion": "abc123",
"prospecto": {
"id": "1111",
"edad": 24,
"nombre": "jaime",
"ubicacion": {
"direccion": "CL 61",
...
10-13-2018
01:15 PM
When a kvstore lookup definition filters a kvstore of 1 million events down to 300k, does performance improve vs using the original kvstore collection unfiltered?
11-21-2014
07:52 AM
Hi,
One saved search can have only one alert condition.
I have "heartbeat" string in my log and I set up a saved search in scheduler --
sourcetype="app.log" "Heartbeat check comple...
