Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
2,000 results
Sorted by:
11-30-2021
04:49 AM
need help on eval function of trimming the month EX : April = APR all months first 3 letters thanks
Labels
- Labels:
-
troubleshooting
06-21-2022
08:13 AM
Hello community,
like to ask for support to get over conditional formatting. I have 3 different products in a group. Product A, B and C and I need to add for each of them a different formula (compe...
Labels
- Labels:
-
eval
Show results in replies (7)
-
A case function should do the job. | eval ProductGroup = case(product=A, group*100/3.33, product=B...
-
Hello, not really as the formula does not work unfortunately. I want eval a group = case (in the r...
-
I want eval a row called RML = case (in the row "group", for a VALUE A divided by 3.33*100, in the ...
-
Please elaborate on "does not work". What results do you get and how do they not meet expecta...
-
|eval ProductGroup=case(group=="PRODUCT_A",group/3.33*100 ,group=="PRODUCT B",group/3.061*100,...
-
This looks like a faithful interpretation of the OP's question, but won't work because if the group...
-
Hello Rich, thanks for message. Finally I´ve managed apply case function and resolved the i...
04-06-2023
03:57 AM
...utom external command and I wanted to ask how and where I can get such statistical functions into Splunk? Many thanks as always,
Labels
04-13-2022
12:29 AM
...xcellent Custom Function that looks in the cached SOAR internals for the cached results from previous executions of a specific app/action.
He did mention that this was a 'work in progress' and I can't f...
Labels
- Labels:
-
development
-
using SOAR ⁄ Phantom
09-11-2022
04:32 AM
Hi,
Just curios if this is possible as I have interesting challenge.
So, I have extracted fields, key=value
id0=0000, id1=1111, id2=2222,inN=NNNN,zone0=zone0,zone1=zone1,zone2=zone2,zoneN=zoneN...
Labels
- Labels:
-
eval
Show results in replies (4)
-
Use foreach. This example demonstrates how to do it, you can run it in the search window, but the l...
-
This is one of the great things you can do, if you use a well defined field naming convention. As y...
-
I don't think that that is what I need. Stats are not good for my use case in that early stage. Ba...
-
Sry, It's working. I needed only this ForEach command.
01-18-2023
12:13 PM
Fairly new to writing playbooks within Phantom and so far havent found documentation for this yet: I'm trying to create an email notification (or something along those lines) whenever a playbook fai...
Labels
- Labels:
-
development
-
using SOAR ⁄ Phantom
10-30-2023
04:33 PM
I was building a new search and started getting this error with various functions. I simplified my search down to something straight out of the documentation to make sure I wasn't missing something s...
Labels
- Labels:
-
troubleshooting
11-13-2015
01:50 AM
1 Karma
Hi, I wonder whether someone may be able to help me please.
I've been reading the Splunk documentation on the 'coalesce' function and understand the principals of this.
The example in the S...
05-11-2021
02:15 AM
...sed by many apps, so can not change that one. I am basically setting the time picker token in both functions with different token value. On clicking it is calling both functions as it is p...
Labels
- Labels:
-
javascript
-
other
12-18-2014
11:25 PM
2 Karma
Hi Splunkers,
when i'm running first Search returns getting zero value where as second Search giving correct value. Explain me how its working,
Search 1:
|stats count | eval next_time=relat...
