Hi, sorry if this has been asked before; I spent a lot of time researching but can't quite find the answer. I have this JSON logged below, and I want to do analysis on the order lines, so I need a search to re...
Hello, I have a search which is gathering 8 columns from a table (below). I want to make col1 available to query against later in the SPL. I tried to access it via "rename query.col1 as col1" for e...
Hi Experts
When using the following eval, I would like to declare a variable in macro as in create_var(3).
| eval var_1 = if(isnull(var_1),"", var_1) , var_2 = if(isnull(var_2),"", var_2), var_3 ...
...xists for each user account, and all the IPs associated with that user account are stored in a multivalued field. I want to iterate through the multivalued field and compare IP1 with IP2, IP2 with I...
The event has a field: {
...
some_field: {
key1: value1
key2: value2
}
...
} How do I iterate over the values of the "some_field" field? For example, I need to get the max v...
I have an input lookup table with a list of user accounts we are trying to search through.
Instead of doing index=wineventlog EventCode=4624 user=user1 OR user=user2 OR user=user3 .....etc
H...
... Now how can I iterate over each value from temp and then split by "=" and get the value of each? Or is there a better way to do this? Also, how do I plot a graph for this?
...ind_string may need to be a regex for this purpose ???) Then, for every row/event in the search result, I need it to iterate over the lookup table and perform the following operation for a single field f...
Looking for a sanity check here. I want to search my Splunk for a long list of field values (essentially, an OR for each value) and the best way to get that list of values is by searching for them. ...