Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
283 results
Sorted by:
02-21-2023
04:38 AM
...ut I would like for the attributes of an event that have a json format to be further decomposed into fields.
This is an example of an event:
I would like for the `attributes.data` field to b...
Labels
- Labels:
-
field extraction
Show results in replies (5)
-
| spath output=data path=attributes.data | spath input=data
-
Use the spath command in your search query to extract fields from JSON events.
-
You can use spath in your search SPL to extract fields from JSON data.
-
...tructure. Using this works fine: | spath output=data path=attributes.data But if I w...
-
Oh, nice, this works! Thanks.
03-29-2023
06:47 AM
Hi, can I ask you for helping me with this small problem, please?
If I read the content of the lookUp using any criteria I receive attribute Attr1. This Attr1 is multivalue attribute.
Attr1
7...
08-29-2022
05:55 PM
11-21-2022
11:48 AM
Hi,
Our system holds XML logs and the way it is structured, some of values are held inside a common set of name/value attribute pair which repeats number of times within the XML.
Index name is 'a...
Labels
- Labels:
-
field extraction
-
table
10-08-2013
04:44 AM
I have a number of sources where I extract fields using CSV on report level.
Do pivots and datamodels only work with fields extract at transform level?
12-06-2016
10:36 AM
We have thousands of Universal Forwarders (UF) in a large virtual desktop environment where we need to minimize the footprint and particularly the I/O as much as possible.
Question is for WinEvent...
07-01-2015
02:21 PM
Hi,
I am trying to create a navigation menu with HTML href attribute as follows:
<nav color="3075AB">
<collection label="My Label">
<a href="/app/myappname/f...
06-15-2022
08:42 PM
...emove below xml element with attribute from data fields , How can I do that ?
<InfoNox_Interface xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"&g...
Labels
- Labels:
-
correlation search
12-02-2022
07:22 AM
...t;/unitData>
Before indexing I would like to create new additional attribute machine which should have value depended of these conditions:
case equipment="W052A-22G0014" machine =machine1
c...
Labels
- Labels:
-
props.conf
-
transforms.conf
-
XML
Show results in replies (5)
-
Hi @spisiakmi, you have to test and find the eval field calculation and then save it as a calculat...
-
Hi @gcusello I try calculated field definitely. If you have a time to help me with it, it would be...
-
Hi @spisiakmi, why create this field before indexing? You can create a calculated field at Search...
-
Hi @gcusello I wanna thank you very much. Your solution with calculated field was brilliant....
-
Hi @spisiakmi, good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karma ...
04-01-2021
09:07 AM
I have basic web logs with username and jsessionid. I want to group (assume a single index, with one set of data). So thousands of events. I want to group by jsessionid and username - creating...
