Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
194 results
Sorted by:
10-25-2021
06:52 AM
I'm trying to use the map command and it seems to fail when I try using some functions within the subsearch (specifically: cidrmatch()). This search returns a correctly-populated t...
Labels
- Labels:
-
join
05-13-2020
01:06 PM
1 Karma
...econds)
Rather than building a full custom command to do the following:
| duration outputfield=cleanTime seconds
I know the function's code are locked and are part of the source code but can I add to it?
Labels
- Labels:
-
using Enterprise Security
10-09-2012
09:24 AM
Hello the splunk community,
I'm kinda new to splunk, and I'm trying to perform some charting using the eval function like as follow:
index=index1 action=action1
| chart c as count by a...
10-22-2010
01:22 AM
...larity and supportability (the "OR" clause will continue to grow for this event type), I need to avoid the iteration and use the eventtype.
For reference:
http://www.splunk.com/base/Documentation/l...
- Tags:
- eval
07-18-2019
08:59 AM
...oo"
| eval ruser=replace(user,"\\","\\")
In this case I have this error
Error in 'eval' command: Regex: \ at end of pattern
The same for:
| eval ruser=replace(user,"\","\\")
U...
02-16-2022
06:43 AM
...rite my queries to tstats, and I think what I tried to do here is in line with the recommendations, i.e. I repeated the same functions in the stats command that I use in tstats and used the same BY c...
Labels
- Labels:
-
tstats
09-13-2013
03:21 AM
Hi,
We are using Splunk version 5.0.4 in our application. In order to bucket our data and display the buckets in proper order, we use the chart command and then take substr of the field. The f...
- Tags:
- substr
07-21-2015
10:40 AM
...rocs{} = special
procs{} = C,B
The counts should be: A: 1, B:3, C:1, special:1
index=foo | rename procs{} as procs | eval numprocs=mvcount(procs) | mvexpand(procs) | stats count(eval((p...
08-20-2021
07:43 AM
...loat also failed |inputlookup app_usage.csv | eval Webmail=cast(Webmail, 'float') with error Error in 'eval' command: The 'cast' function is unsupported or undefined. cast should be in the...
Labels
- Labels:
-
using DSP
02-19-2020
04:20 AM
...ELPHI_REQUEST.REQUEST.COMMAND ,host,SVC_ID,check
|rename DELPHI_REQUEST.REQUEST.COMMAND as "COMMAND"
I am getting below output where coalesce is not printing the value of field DELPHI_REQUEST.REQUEST.COMMAND i...
