Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
185 results
Sorted by:
03-28-2018
10:57 PM
1 Karma
Hello Community,
I have defined some tags like:
Field=Value --> TAG
OBJECT_TYPE=*_EMS --> EMS
Now I want to use this Tags within my eval statement:
|stats
c...
11-19-2019
07:48 AM
The command I am running is:
basesearch | eval number = case ( number = "1" , "Number 1" , number = "2" , "Number 2" , number = "3" , "Number 3" , number = "4" , "Number 4" ) | stats count by n...
11-27-2016
01:37 AM
1 Karma
We use eval command to create new field, and we used this as function ex: |stats count(eval(method="GET")) as get . Can someone explain this example clearly? What is eval doing here?
04-09-2012
02:43 PM
...PECIFIC ERROR EVENT STRING"
| stats count as error_total
| eval user_total = [search "SOME UNIQUE USER LOGIN EVENT STRING" | stats count as search]
| eval percent = (error_total/user_total)*100
| f...
02-08-2021
07:23 AM
...nd_time=mvindex(timestamp,1) | stats sum(duration) AS duration_indispo by Function, periode | eval Percent_Available = round((periode-duration_indispo)*100/periode,3) |rename Function AS "A...
- Tags:
- @rnowitzki
- all
04-15-2014
08:05 AM
2 Karma
...f and stats sum, and 2) stats if count.
How can I make these methods work, if possible? I want to understand the functions in this context. Also, is there a better way?
Here is my eval a...
12-09-2020
04:23 PM
...s doing the eval before the stats, but everything I try ends up with null values for the eval, even though the table is properly populated with the values for itemsReceived and itemsProcessed (I have a...
08-22-2019
12:22 PM
Hi. How do I get from the first table to look like the second table?
I have tried chart, transpose, different combination of eval and stats functions but just cannot get it to look right. I am w...
03-17-2020
10:50 AM
For an events index , I would do something like this:
|tstats max(_indextime) AS indextime
WHERE index=_* OR index=*
BY index sourcetype _time
| stats avg(eval(indextime - _time)) AS latency B...
