Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
2,000 results
Sort by:
10-03-2024
05:55 PM
I've seen someone use this traffic search function but can't find it myself: How can I access this traffic search function? I know that I can run a search to get the same result but would l...
Labels
- Labels:
-
correlation search
12-06-2024
01:42 PM
I have created a dashboard that takes input from the users in 4 textbox inputs and store it in a lookup file. My requirement is that tokens should be passed to the search query only after submit b...
Labels
- Labels:
-
token
06-27-2024
01:00 PM
When using regex how can I take a field formatted as "0012-4250" and only show the 1st and lat 3 digits? I tried the following in which maintains the original output:
| eval AcctCode = replace(A...
- Tags:
- replace
07-05-2024
03:50 AM
Hello All ,
Greetings
I am looking for perfect explanation of memk() function used with convert statement , how it works and where to pass the m,g,k (The letter k indicates kilobytes, m...
Labels
- Labels:
-
field extraction
12-13-2023
05:19 AM
Hi guys, I started today with Splunk and have one question. I want to use an or function that if the second "or" the third row is active I got the trigger. Any ideas how t...
Labels
- Labels:
-
eval
05-26-2024
07:06 AM
...earches-and-why-they-help/ Question 1) - index=firewall_data 127.0.0.1 Or - index=firewall_data "127.0.0.1" If I search that, because of the internal segmentation process 1...
06-21-2022
08:13 AM
Hello community,
like to ask for support to get over conditional formatting. I have 3 different products in a group. Product A, B and C and I need to add for each of them a different formula (c...
Labels
- Labels:
-
eval
Show results in replies (7)
-
A case function should do the job. | eval ProductGroup = case(product=A, group*100/3.33, product=B...
-
Hello, not really as the formula does not work unfortunately. I want eval a group = case (in the r...
-
I want eval a row called RML = case (in the row "group", for a VALUE A divided by 3.33*100, in the ...
-
Please elaborate on "does not work". What results do you get and how do they not meet e...
-
|eval ProductGroup=case(group=="PRODUCT_A",group/3.33*100 ,group=="PRODUCT B",group/3.061*100,...
-
This looks like a faithful interpretation of the OP's question, but won't work because if the group...
-
Hello Rich, thanks for message. Finally I´ve managed apply case function and resolved the i...
11-30-2021
04:49 AM
need help on eval function of trimming the month EX : April = APR all months first 3 letters thanks
Labels
- Labels:
-
troubleshooting
04-06-2023
03:57 AM
...utom external command and I wanted to ask how and where I can get such statistical functions into Splunk? Many thanks as always,
Labels
01-18-2023
12:13 PM
Fairly new to writing playbooks within Phantom and so far havent found documentation for this yet: I'm trying to create an email notification (or something along those lines) whenever a playbook f...
Labels
- Labels:
-
development
-
using SOAR ⁄ Phantom
