Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
136 results
Sorted by:
10-01-2018
04:26 PM
I am trying to map incoming events to CIM fields using aliases. I followed the documentation here —https://docs.splunk.com/Documentation/Splunk/7.1.3/Knowledge/Addaliasestofields— but it didn't w...
- Tags:
- cim
- splunk-enterprise
11-01-2017
07:43 AM
...orking properly. I've just created 7 aliases for a field in one sourcetype, and the search results are inconsistent:
index=foo sourcetype=bar | stats count(src),count(shost2),count(shost3),count(t...
04-12-2018
10:31 AM
Hi
I created a calculated field called "SUCCESS" using Splunk Web on sourcetype. The calculated field eval condition is like if(TYPE="S", "Success", null). Now I am trying to use this calculated field...
06-16-2015
08:14 AM
I installed the Cisco eStreamer for Splunk on my Splunk App for Enterprise Security search head, but noticed that field aliases created by the app are viewable from Search & Reporting, but not v...
07-22-2016
12:44 PM
...etup might be incorrect. Though for the life of me... it's not working.
Details:
Universal Forwarder installed on the remote server. Index is main.
Website Setup:
Site = TESTSITE Host = T...
08-25-2016
01:41 PM
...f the fields I just defined are there. Very strange. What am I missing?
15:15:55.664 | [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] | DEBUG | splunk - | {'e...
06-08-2017
01:03 AM
Hi,
I need to create a calculated compliance field in splunk web.
the field should have the values like full, light,expanded and none in it.
Please help me out in creating this using eval f...
12-13-2016
07:09 PM
2 Karma
I've created an extracted field using the field extractor GUI in Splunk Seb. When I created it, there were two values for that field. Now that further logs have been processed, there is a new value f...
04-16-2020
09:45 AM
Is there a way to rename the extracted fields in the Interesting Fields section? Example would be
Interesting Fields
xxxxxname1xxxx -> name1
Thanks in advance
07-22-2018
10:28 PM
Hi guys,
I am in the midst of trying to map the fields in my data to the splunk authentication CIM. However, I realised that I don't seem able to create a field alias on lookup output fields (eg....
