Is there a way to change the _time field of imported data to be a custom extracted datetime field? Or at least some way to specify a different field used by the time picker? I have seen some s...
Hello everyone! I need some help creating a multivalue field. Events can contain 1 or more fields with the following forms: I try to explain with an example Event1: FICHERO_LOG1 = /any/log1/id/i...
Hi Splunk Team I am having issues while fetching data from 2 stats count fields together. Below is the query: index=test_index | rex "\.(?<TestMQ>.*)\@" | eval Priority_Level=case(P...
Hi,
I have the below scenario. Image_Name and Name_Space are being ingested with the below variations in table A. Image_name is a multivalued field as shown. I tried using makemv delim but it doesn't work b...
Hi Guys, In my scenario I want to compare two column values. If they match, it's fine; if the values are different, I want to display both field values in some colour in the Splunk dashboard....
{"log":"{\\"instanceId\\":\\"abc-fdh-48f-4432\\",\\"requestType\\":\\"ABC\\"}
Using the above sample log, how can I extract the request type and instanceId field values?
Hi Splunkers! I need to extract specific fields which the sourcetype doesn't contain in the logs. Fields to extract - OS, OSRelease Thanks in Advance, M...
I have a multivalue field, which I would like to expand to individual fields, like so: | makeresults count=1
| eval a=mvappend("1","7")
| eval a_0=mvindex(a,0,0)
| eval a_1=mvindex(a,1...