Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
40 results
Sort by:
08-27-2018
09:43 AM
1 Karma
I need to create a multivalue field using a single eval function.
I'm using Splunk Enterprise Security and a number of the DNS dashboards rely on the field "message_type" to be populated with e...
05-29-2017
02:57 AM
...tdev
| eval lowerBound=(avg-stdev*20),upperBound=(avg+stdev*20)
| eval isOutlier=if('$sourcetype$' < lowerBound OR '$sourcetype$' > upperBound ,1 , 0)
| where isOutlier=1
But I do not k...
- Tags:
- splunk-enterprise
05-06-2020
06:39 AM
...ombination with isnotnull or !isnull functions can be used when you want to return only values that are not NULL from a multivalue field. Neither of these appear to work for me:
y=mvfilter(i...
02-19-2019
01:13 PM
...lue bill
blue bill
green gus
green gus
The above are pretty much 4 multivalue cells.
So I run the below to return just the first string before the line break for each cell:
| eval s...
05-19-2021
06:59 AM
1 Karma
...wanted to see if anyone has any ideas on how to accomplish this. Essentially I'm trying to find a way to run conversion functions from here against a multivalue field, ideally on the same eval...
Labels
- Labels:
-
eval
01-13-2022
05:00 AM
...oken, such as creating a hidden field in the table and use it for drilldown, or using different eval functions (depending on the use case). I am specifically interested in the format of using mvmap in a...
Labels
- Labels:
-
drilldown
03-24-2024
05:04 PM
Hi Splunk Experts,
I have some data coming into splunk which has the following format:
[{"columns":[{"text":"id","type":"string"},{"text":"event","type":"number"},{"text":"delays","ty...
Labels
- Labels:
-
field extraction
-
fields
-
table
07-30-2019
09:42 AM
...y_index"
I've tried many many options (eval, rex, table, and so on) to get the results formatted as a list that shows up properly in the dropdown. Thanks in advance.
08-08-2022
12:08 AM
Hello Everyone,
I have a table like this:
_time
value1
value2
30/12/2021 06:30
12.1
25.2
30/12/2021 06:00
12.1
25.2
30/12/2021 05:30
11.2
26.4
30/12/...
- Tags:
- search
07-13-2010
12:52 AM
4 Karma
In search language, is there a way to add the values stored in a multi-value field provided they are all numerical values?
I assume this might be possible with a rather excessive use of the eval functions...
- Tags:
- eval
- multivalue
