I was curious, and was not able to find an answer online or here, if you are able to create customeval subcommands. What I mean by this are things like mvcount() or dc(). I have custom c...
...roblem using 4 joins… But that made the source code large and ugly…
Is there any way I can optimize the size of the query below?
Can a define a custom macro inside the query and call it s...
...iming problems as well.
There are several macros/functions available like md5() or len(). So I was wondering if it was possible to add a customfunction - something like "index=* sourcetype=w...
...tats is run, it does something to wipe out the value for correlationId . Why does this happen, and how can I get the stats functions to work harmoniously so that I can parse and see all the v...
I am working with event data in Splunk where each event contains a command with multiple arguments. I'm extracting these arguments and their associated values using regex, resulting in multi-value fi...