Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
26 results
Sorted by:
04-17-2018
07:03 PM
I have a panel which provides us a list of transactions along with the StartTime of the transactions. I want a drill down panel which searches for a specific transaction within the time range (StartT...
10-03-2013
07:34 AM
...his:
| eval (distinct_count(host)) < 3
But it does not work.
I guess I need to assign a key to the value derived from "stats distinct_count(host) by fruit" so I can use that key for the evaluation....
10-23-2014
11:51 AM
1 Karma
...ollowing search: index=app_logs env=prod | makemv delim="," ids | mvexpand ids
Does not yield the expected results of 5 new events.
It seems like this is a bug in the way Splunk evaluates m...
08-14-2017
10:18 PM
Streamstats can produce sum of differences like
(fieldB- fieldA)+ (fieldC-fieldB)+(fieldD - fieldC) = a total of 30 min.
Can we achieve this evaluation through streamstats ? (fieldB - f...
- Tags:
- streamstats
11-08-2011
10:08 AM
...as to use the dc() function to get a count of unique user-ids, and the list() function to put them together as multivalues associated with their given, common, IP address. Here is the search:
i...
01-07-2020
12:54 AM
Hi,
I am trying to add new evaluation for a field in search-time.
For some reason, when I run query from my search head, I get the old values and it seems that the props.conf is not working....
10-15-2015
11:52 AM
Hello all,
I have the following eval function which functions properly:
| eval my_count=if(match(lower(FieldName),"\\\filename.exe"),1,0)
But I want to evaluate a few things in the if s...
12-22-2016
03:43 PM
I have multiple queries for same index and therefore trying to avoid subsearches. Looking for right syntax, trying to do something like:
index=abc sourcetype=xyz | eval w=case("keyword1", "k1", ...
12-02-2020
10:31 PM
Similar to the Regex to find a directory in a path question, how does one find the full directory path to an file (e.g. like the "dirname" command in Linux)? For example in Windows Securit...
Labels
- Labels:
-
fields
