Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
29 results
Sorted by:
08-14-2017
06:21 AM
...escription"=(Message) OR (name) | table ... "Event Description"
.... | eval "Event Description"=Message OR name | table ... "Event Description"
None of these seem to work. They usually give us malform eval express...
01-21-2019
03:21 PM
...sed "(Image!=[process1] AND Image!=[Process2])" and "NOT (Image=[process1] OR Image=[process2])"
I would appreciate if you tell me the difference between these two boolean expressions.
12-06-2019
03:32 AM
1 Karma
Hi, One of my value in table is being passed as an Boolean expression as below
(assignment_group = 1213App_Development1 OR assignment_group = App-Testing OR assignment_group = App Support OR a...
09-19-2019
12:16 PM
...reated it as a calculated field(systemid) and gave an eval expression systemid=if(isnull(systemid),"NULL",systemid). Now I get the error "Error in 'eval' command: Fields cannot be assigned a boolean r...
01-20-2016
04:52 AM
...MLField
I've got tens of regular expressions working as field extractions, I've got this particular expression working in search and in a python script, I'm just really out of ideas as to why it's n...
12-19-2021
11:31 AM
Hi, I want to find specific strings in all event in order to classify them into two values, like "if there is "A" or "B" or "C" so put it under "OK" value, if not put it in default value "KO". I tr...
- Tags:
- searchmatch
Labels
- Labels:
-
eval
03-15-2019
12:19 PM
Hello there,
I have the next JSON:
{
"idDeclaracion": "abc123",
"prospecto": {
"id": "1111",
"edad": 24,
"nombre": "jaime",
"ubicacion": {
"direccion": "CL 61",
...
02-19-2021
03:42 PM
...here signature has specific src or cidr range. I seem to be creating unbalanced parenthesis when trying my boolean expressions or Wheres. Please assist
