When I ran the following query:
index="myindex" sourcetype="hamlet" environment=staging
| top limit=10 client
| eval percent = round(percent)
| rename client AS "Users", count AS ...
...VALUE4.gemetry"
QUESTIONS:
How should I define my regex tokenizer for the DATASET field?
Should I define tokenizer in fields.conf or in Splunkweb's
Transform Manager page?
Hello! I have a dataset that I'd like to add a new field to where I can arbitrarily define the values with manual input without downloading and reuploading the data. I've tried editing the table b...
...uln:vulnerable-software-list>
I edited the file fields.conf too with the following syntax:
[name]
TOKENIZER = (cpe(:\/[\:\w\.]+))
But nothing happens. Any help? Thanks!
Best r...
Good morning to all,
I have a newbie question. I know I’m missing something simple, wondering if someone could point me in the right direction. I currently use Syslog as an input stream and create ...
Newbie here. I'm trying to set an alert that runs every 5 minutes and looks back over the past hour. It would trigger when we have "too many" of certain important ("heartbeat alert" for example) aler...
Thanks in Advance.
1. I have a JSON object as "content.List of Batches Processed{}" and already Splunk extracts the field as "content.List of Batches Processed{}.BatchID" and the count is showing as 26. But...
Hi,
I have the following search to calculate the average response time on a field for which data is coming from 10 hosts.
The intention to use the data model is to accelerate the search to l...
Hello, I was aware that Splunk is a very versatile application which allows the users to manipulate the data in many ways. I have extracted the fields event_name, task_id, event_id. I am t...