Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
2,000 results
Sorted by:
11-30-2021
04:49 AM
need help on eval function of trimming the month EX : April = APR all months first 3 letters thanks
Labels
- Labels:
-
troubleshooting
06-21-2022
08:13 AM
Hello community,
like to ask for support to get over conditional formatting. I have 3 different products in a group. Product A, B and C and I need to add for each of them a different formula (c...
Labels
- Labels:
-
eval
Show results in replies (7)
-
A case function should do the job. | eval ProductGroup = case(product=A, group*100/3.33, product=B...
-
Please elaborate on "does not work". What results do you get and how do they not meet e...
-
Hello, not really as the formula does not work unfortunately. I want eval a group = case (in the r...
-
I want eval a row called RML = case (in the row "group", for a VALUE A divided by 3.33*100, in the ...
-
|eval ProductGroup=case(group=="PRODUCT_A",group/3.33*100 ,group=="PRODUCT B",group/3.061*100,...
-
This looks like a faithful interpretation of the OP's question, but won't work because if the group...
-
Hello Rich, thanks for message. Finally I´ve managed apply case function and resolved the i...
04-13-2022
12:29 AM
...xcellent Custom Function that looks in the cached SOAR internals for the cached results from previous executions of a specific app/action.
He did mention that this was a 'work in progress' and I can't f...
Labels
- Labels:
-
development
-
using SOAR ⁄ Phantom
09-11-2022
04:32 AM
...he number "N" in event and want to automate this new field so for every exampleN i have the same eval example. I mean it'll be a little more complicated as I'll create some case statement in eval but i...
Labels
- Labels:
-
eval
Show results in replies (4)
-
Use foreach. This example demonstrates how to do it, you can run it in the search window, but the l...
-
This is one of the great things you can do, if you use a well defined field naming convention. As y...
-
...t's makemv and mvexpand. As I need all this id0,id1,id2... expanded as id. basically, id0=0000, i...
-
Sry, It's working. I needed only this ForEach command.
01-18-2023
12:13 PM
Fairly new to writing playbooks within Phantom and so far havent found documentation for this yet: I'm trying to create an email notification (or something along those lines) whenever a playbook f...
Labels
- Labels:
-
development
-
using SOAR ⁄ Phantom
11-13-2015
01:50 AM
1 Karma
Hi, I wonder whether someone may be able to help me please.
I've been reading the Splunk documentation on the 'coalesce' function and understand the principals of this.
The example in the S...
02-06-2023
12:33 PM
So I have a field named "domain" that has values of single domains (A, B, C) and combinations of domains with two different values.
A B C A/B A/C A, B C, D I can successfully split the v...
Labels
- Labels:
-
eval
03-28-2023
07:26 AM
I have this search that is working and returning a average Delay value: Search Command
| eval epoch_timestamp=strptime(timestamp,"%Y-%m-%dT%H:%M:%S.%3N%:z")
| stats range(epoch_timestamp) as D...
01-12-2021
02:19 AM
I'm trying to understand the functionality of keepevicted. I've read several documentation about it but it's still not clear. I've made a search with transaction. Without keepevicted I get 5...
Labels
- Labels:
-
transaction
