Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
36 results
Sorted by:
10-03-2013
07:34 AM
...his:
| eval (distinct_count(host)) < 3
But it does not work.
I guess I need to assign a key to the value derived from "stats distinct_count(host) by fruit" so I can use that key for the evaluation....
04-17-2018
07:03 PM
I have a panel which provides us a list of transactions along with the StartTime of the transactions. I want a drill down panel which searches for a specific transaction within the time range (StartT...
05-29-2017
02:57 AM
Hi,
I am trying to create an anomaly detector for unusually high thruputs across all sourcetypes in my Splunk internal logs. I have used the following code to compile a table of the sourcetype by ...
- Tags:
- splunk-enterprise
10-23-2014
11:51 AM
1 Karma
...ollowing search: index=app_logs env=prod | makemv delim="," ids | mvexpand ids
Does not yield the expected results of 5 new events.
It seems like this is a bug in the way Splunk evaluates m...
10-19-2022
06:26 AM
...son_extract(utfx,"{}.9E")) or this: f=replace(_raw,"\\\\x([0-9a-fA-F]{2})","\1")), which simply removes the "\x" ...so is it like the capt.groups of the regex in replace() is not evaluated if it is a...
Labels
- Labels:
-
other
08-14-2017
10:18 PM
Streamstats can produce sum of differences like
(fieldB- fieldA)+ (fieldC-fieldB)+(fieldD - fieldC) = a total of 30 min.
Can we achieve this evaluation through streamstats ? (fieldB - f...
- Tags:
- streamstats
11-08-2011
10:08 AM
...as to use the dc() function to get a count of unique user-ids, and the list() function to put them together as multivalues associated with their given, common, IP address. Here is the search:
i...
01-07-2020
12:54 AM
Hi,
I am trying to add new evaluation for a field in search-time.
For some reason, when I run query from my search head, I get the old values and it seems that the props.conf is not working....
10-15-2015
11:52 AM
Hello all,
I have the following eval function which functions properly:
| eval my_count=if(match(lower(FieldName),"\\\filename.exe"),1,0)
But I want to evaluate a few things in the if s...
