Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
126 results
Sorted by:
03-21-2018
02:21 AM
base query | regex field= "XXX*(?.*)" | stats count by regular_expression_value
this query displaying 5 lines but want only the first lines
how to get using abstract maxlines=1
- Tags:
- splunk-enterprise
Show results in replies (9)
-
base query | regex field= "XXX*(?.*)" | abstract maxlines=1
-
The abstract command is for text, not stats.
-
is it possible to do the same with abstract command?
-
Could you please modify the same command without stats and substitute abstract
-
Thanks for your help i think we can't combine abstract command and regex.
-
...ine break which should do it. You are focused on abstract and rex command however, even if feasible t...
-
What answer are you expecting? What exactly are you trying to do? You insist on using abstract...
-
...irectly in rex command without having to use abstract command which is working for you but is a...
-
Hi, actually i have regular expression..it having 5 lines value. i want one line using abstract...
09-21-2012
09:40 AM
...rror codes, Business Error Codes and SLA for example. We are having trouble getting this schema to work using an abstract CSV file (see example below).
Has anyone successfully implemented such a data s...
- Tags:
- search-language
03-02-2018
07:07 PM
Hi , Could you please help me to use of abstract command for below event.What would be output for below command if used abstract command.Thanks
3/3/18
8:29:19.637 AM
03-03-2018 08:29:19.637...
- Tags:
- splunk-enterprise
07-29-2016
12:30 AM
I've developed an app that contains dashboards.
For now, I have deliberately not limited the searches to specific indexes. Two reasons (but not the only reasons):
I developed the app in Splun...
06-06-2021
09:42 PM
How can I use abstract command? My query is | makeresults | eval test = " 123456789 123 456" | abstract maxlines=1 This query shoud be "test = 123456789" I think.. But whole c...
Labels
- Labels:
-
table
07-31-2019
11:11 PM
Hello,
I need help to further sort the following data. In the sample data in the screenshot, I wanted to group the password.
The output should look like
problem abstract c...
12-07-2020
12:47 PM
How can i get data from Mcafee ePo directly to splunk ? i see that there is an Add on for MacAfee but that required syslog configuration over tls, which im having issue configuring
Labels
07-13-2020
02:41 AM
Hallo, I would like to investigate the login behaviour of users. I use this search: I receive the following example log: The "abstract" function creates the field "Kontoname". This c...
Labels
- Labels:
-
field extraction
01-18-2013
11:53 AM
OK the last question might have bee to hard for the group. So try this one.
I am using the join statement like this "search1 | join id [search2]"
In the primary search and in the sub-search th...
- Tags:
- join
11-19-2018
08:33 PM
Hi, How do I rename hostname in Splunk?
I am trying to enroll a particular syslog in Splunk. I want to rename a hostname from
a => b
c => d
How could I achieve this?
Thanks,
Din...
