Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
18 results
Sorted by:
01-14-2019
04:17 AM
Community, need some help to work with 2 different source types .
I'm trying to run a search where I need to match information from 2 sources in 1 table.
What I'm trying to do is:
index=u...
09-14-2010
01:06 PM
...ollows:
[source::..._bluescreen.csv]
rename=Bluescreen
EXTRACT-Asset=(?<Asset>8[0-9, aA-zZ]{4})
fields="Dump File","Crash Time","Bug Check String","Bug Check Code","Parameter 1","Parameter 2","P...
12-11-2015
03:33 AM
Hi,
I have a timechart which appends three types of data into one chart in this way:
eventtype=x sourcetype=x | where ... | table _time series value
| append [ search eventtype=y source...
04-11-2018
07:07 AM
...tats count as Open by time
| join type=outer time
[search source="Tickets" | eval SolvedAt=substr(SolvedAt,1, 7) | rename SolvedAt as time | stats count as Solved by time ]
| table time O...
03-28-2017
07:49 AM
...ndex="orchestrator" source="/var/log/cluster-orchestrator/current" | rex max_match=10 "(?<json_field>{[^}]+})" | mvexpand json_field | spath input=json_field | rename Instances{}.ContainerName A...
12-05-2016
10:43 PM
...lready tried with rename and it's working fine, but the problem is in feature these kind of sourcetypes (new logs files) will come, then rename applies for all the _json sourcetypes. So, how can we f...
08-08-2016
02:01 AM
...icense_usage.log type=Usage pool=* idx=eop* earliest=-3d@d latest=@d | timechart span=1d sum(b) as Bytes | eval Bytes=(Bytes/1024/1024/1024) | eval time=_time | fields _time Bytes | collect index=main source...
08-18-2020
08:17 AM
...he two searches I would like to join are: Search 1: index="_internal" source="*metrics.log" per_index_thruput series=autoshell host=lelsplunkix* | eval GB=kb/(1024*1024) | timechart span=12h sum(G...
Labels
- Labels:
-
join
01-28-2019
06:29 AM
...| end time | count(sourcetype C)
To join start and endtime, I already have the following
index=* sourcetype=A | `Renaming` | join type=outer OrderId
[ search index=* sourcetype=B
| `Renam...
