...001L" | eval b="0002L" | eval c=rtrim(a,"L") + rtrim(b,"L") | fields a b c
So the question is this:
Is there any way to force eval to cast the output of an expression to a numeric value, so t...
...ail_to_check_triggered_alerts, error=CastError, message=Cast to date failed for value "2014-07-28 14:32:01 CEST" at path "triggerTime", stack=MongooseError: Cast to date failed for value "2014-07-28 14:32:01 CEST" at p...
...ubmitting. It seems like it should be straightforward using concatenation, but I haven't been able to get to a solution. eval cidr_address=remoteIP + "/32" and varieties of this approach (casting...
I have an MSSQL data source and am having trouble parsing the timestamps (ProcessWorkStart field) correctly. For some reason it is parsing all events with the exact same timestamp (1969-12-31 18:59:59.999...
Hi all, I have a data flow in JSON format from one host that I ingest with HEC, so I have one host, one source and one sourcetype for all events. I would override the host, source and sourcetype...
When using splunk.Intersplunk.outputResults for even 1 record as a streaming command, I get an extra header with an improperly cast time field that ends up making the search complain about fields c...
Hi, I have some single string log statements looking like the following: INFO ControllerNameHere f1d46561-b382-4685-9d7a-ebd76f40c355 EXT | <action> | Time 80 I want to make ...
Hi, I have an issue that Splunk might be able to help solve. Here is the scenario: I need to find unusual send and receive patterns in a huge log file. Here is the example: 00:00:01.000  ...