Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
19 results
Sorted by:
01-10-2020
09:56 AM
...ile which which identifies the name of the column based on the Type field...
types.csv:
Type Source_Column
type_1 List_Data
type_2 Totally_Different_Name
The idea being that if I get a n...
01-14-2019
04:17 AM
Community, need some help to work with 2 different source types .
I'm trying to run a search where I need to match information from 2 sources in 1 table.
What I'm trying to do is:
index=u...
09-14-2010
01:06 PM
...ollows:
[source::..._bluescreen.csv]
rename=Bluescreen
EXTRACT-Asset=(?<Asset>8[0-9, aA-zZ]{4})
fields="Dump File","Crash Time","Bug Check String","Bug Check Code","Parameter 1","Parameter 2","P...
12-11-2015
03:33 AM
Hi,
I have a timechart which appends three types of data into one chart in this way:
eventtype=x sourcetype=x | where ... | table _time series value
| append [ search eventtype=y source...
04-11-2018
07:07 AM
...tats count as Open by time
| join type=outer time
[search source="Tickets" | eval SolvedAt=substr(SolvedAt,1, 7) | rename SolvedAt as time | stats count as Solved by time ]
| table time O...
09-04-2012
06:48 PM
1 Karma
...t;
<param name="maxSize">1</param>
</module>
<!-- SearchBar - user types in a search, or comes in on a permalink. The search probably has transforming commands. -->
&l...
03-28-2017
07:49 AM
...ndex="orchestrator" source="/var/log/cluster-orchestrator/current" | rex max_match=10 "(?<json_field>{[^}]+})" | mvexpand json_field | spath input=json_field | rename Instances{}.ContainerName A...
12-05-2016
10:43 PM
...lready tried with rename and it's working fine, but the problem is in feature these kind of sourcetypes (new logs files) will come, then rename applies for all the _json sourcetypes. So, how can we fix it?
08-08-2016
02:01 AM
...icense_usage.log type=Usage pool=* idx=eop* earliest=-3d@d latest=@d | timechart span=1d sum(b) as Bytes | eval Bytes=(Bytes/1024/1024/1024) | eval time=_time | fields _time Bytes | collect index=main source...
