Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
24 results
Sorted by:
12-27-2021
07:26 AM
1 Karma
...alues from the other two source types are on a separate row at 10:02. Ideally, all three values should be on the same row (much like the 10:06 and 10:11 entries). How can I alter my search query to a...
01-14-2019
04:17 AM
Community, need some help to work with 2 different source types .
I'm trying to run a search where I need to match information from 2 sources in 1 table.
What I'm trying to do is:
index=u...
09-14-2010
01:06 PM
...ollows:
[source::..._bluescreen.csv]
rename=Bluescreen
EXTRACT-Asset=(?<Asset>8[0-9, aA-zZ]{4})
fields="Dump File","Crash Time","Bug Check String","Bug Check Code","Parameter 1","Parameter 2","P...
12-11-2015
03:33 AM
Hi,
I have a timechart which appends three types of data into one chart in this way:
eventtype=x sourcetype=x | where ... | table _time series value
| append [ search eventtype=y source...
03-08-2017
01:58 AM
...ostName$)` instance=$instance$ | fields *</query>
<earliest>$TimeSpan.earliest$</earliest>
<latest>$TimeSpan.latest$</latest>
<row>
<input type="radio" search...
- Tags:
- splunk-enterprise
04-11-2018
07:07 AM
...tats count as Open by time
| join type=outer time
[search source="Tickets" | eval SolvedAt=substr(SolvedAt,1, 7) | rename SolvedAt as time | stats count as Solved by time ]
| table time O...
03-28-2017
07:49 AM
...ndex="orchestrator" source="/var/log/cluster-orchestrator/current" | rex max_match=10 "(?<json_field>{[^}]+})" | mvexpand json_field | spath input=json_field | rename Instances{}.ContainerName A...
12-05-2016
10:43 PM
...lready tried with rename and it's working fine, but the problem is in feature these kind of sourcetypes (new logs files) will come, then rename applies for all the _json sourcetypes. So, how can we f...
a week ago
Good Morning,
I'm trialing Splunk Cloud in anticipation of a purchase. I have installed Splunk Enterprise as the deployment server and universal forwarders on three servers. My clients are showing ...
- Tags:
- splunk-cloud
- windows
Labels
- Labels:
-
inputs.conf
-
universal forwarder
-
Windows
Show results in replies (1)
-
...have a list of inputs that I printed to PDF to attach here as well.inputslist.pdf (145 KB)
