Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
222 results
Sorted by:
07-27-2021
12:03 AM
...lias --> didnt work 2) I created a calculated field, case(isnotnull(asset_os),asset_os,1==1,"unkown") - asset_os is not showing in fields 3) I added the below line into props.conf - Also here&n...
Labels
- Labels:
-
configuration
02-14-2017
11:26 PM
I am trying to use a filed in calculated fields from props.conf to replace space in one of my field values but not getting any results in Splunk 6.2.
Below is EVAL stanza from props.conf -
E...
04-21-2020
10:38 PM
...ransform. I follow the same naming conventions for other normal field extractions with transforms and it works well.
props.conf
[sourcetype]
REPORT-IP = REPORT-IP
transforms.conf
[REPORT-IP]
F...
09-12-2019
09:09 AM
Since I can't edit .conf files in Splunk Cloud, how can I get more granular insights from my data?
11-12-2019
08:23 AM
I have a field called File_Name that I've generate by trimming the filepath off of my source from a local data input.
The files are either XML or txt files but the names all follow the same f...
08-29-2017
09:42 PM
...o properly use props.conf and transforms.conf my only (or best) approach?
What if I want to retain the unique details “just-in-case” and don’t want it removed prior to indexing?
Apologies if m...
10-04-2017
12:12 PM
3 Karma
...his a bug or something that I have to configure to fix it?
03-25-2015
07:12 AM
Hi,
I have this in my props.conf
[emailAlerts2]
EVAL-Application = if(match(_raw,"\<EcomLogEntry\>\nDate:\s+\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d-0400"),"MyApp",Application)
But I'm b...
07-23-2020
08:12 PM
Hi Guys, Would you know why does the Selected fields are missing after i enable this specific Calculated fields ? And when i delete that calculated field the the default selected fields are s...
Labels
- Labels:
-
calculated field
07-20-2020
05:32 PM
Hi As I see many documents and comments here, Universal forwarder do not break line. with "LINE_BREAKER" in props.conf. It is the role of Indexer. This is what I am understanding. But I t...
Labels
- Labels:
-
universal forwarder
