...val message_type=if(message_type == "Rcv", "Query", "unknown")
However, when I create the CalculatedField in the web browser (Splunk Cloud, no access to props.conf) nothing changes and the original m...
Hi
I created a calculatedfield called "SUCCESS" using SplunkWeb on sourcetype. The calculatedfield eval condition is like if(TYPE="S", "Success", null). Now I am trying to use this calculatedfield...
...roblem is that I get a lot of fields that are useless in cyber security efforts. For instance, maybe I want to know the category of the different attacks that are occurring. It is a calculated...
New Splunk user. I am creating web dashboards and I want to calculate the percentage of successful status codes. The logs are IIS. I am trying to create a search that takes the total status c...
Hi,
I need to create a calculated compliance field in splunkweb.
the field should have the values like full, light,expanded and none in it.
Please help me out in creating this using eval f...
..." ".KCQEndTime, "%Y-%m-%d %H:%M:%S"))
However, I'm not able to get it to work when I create this field using the SplunkWeb App (Settings->Fields->CalculatedFields) or editing the props.conf file. T...
...dd a new field called (uri_path) to the Web DM? If I try to add the below as a calculatedfield using an Eval Expression, it doesn't work. There are errors related to searching the index when I...
Hi everyone. I've been going back and forth through the docs and other answers posted here, but nothing definitive in answering my question.
I want to create a new field at index time which w...
We have event records that cut a beginTime and endTime. We have the search necessary to calculate overall response time but would like to try and get logic into a calculatedfield or ??? so that e...