Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
238 results
Sorted by:
05-26-2021
06:22 PM
...he averages by category together in a stats table, is there an easy way to do this?
03-28-2018
10:57 PM
1 Karma
Hello Community,
I have defined some tags like:
Field=Value --> TAG
OBJECT_TYPE=*_EMS --> EMS
Now I want to use this Tags within my eval statement:
|stats
c...
01-13-2022
01:49 PM
Good Afternoon, So I've recently been hired on as a Splunk admin/analyst. The scope of my job really relies on my being able to know how to look things up in the search box. I real...
09-24-2021
02:17 AM
...ndex="myindex" source="/data/logs/log.json" "Calculation Complete"
| stats
| count(eval(MessageBody="*my string")) as My_String
| count(eval(MessageBody="*your string")) as Your_String
| count(eval(M...
11-19-2019
07:48 AM
The command I am running is:
basesearch | eval number = case ( number = "1" , "Number 1" , number = "2" , "Number 2" , number = "3" , "Number 3" , number = "4" , "Number 4" ) | stats count by n...
11-27-2016
01:37 AM
1 Karma
We use eval command to create new field, and we used this as function ex: |stats count(eval(method="GET")) as get . Can someone explain this example clearly? What is eval doing here?
04-09-2012
02:43 PM
...PECIFIC ERROR EVENT STRING"
| stats count as error_total
| eval user_total = [search "SOME UNIQUE USER LOGIN EVENT STRING" | stats count as search]
| eval percent = (error_total/user_total)*100
| f...
05-23-2020
11:10 AM
I'm seeing the error below under messages in my Splunk enterprise console:
Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...
- Tags:
- splunk-enterprise
03-30-2022
01:21 PM
...p: ". But not even the following works... | rex (?<opr>"(?<= op: )\w+") |stats count by opr | Any help is appreciated!
