Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
4,000 results
Sorted by:
12-14-2020
12:17 PM
I am looking to convert a field labeled "name" to populate email. I am wanting to have a search that takes a name in a field and formats it to match our certain naming convention. If the field h...
Labels
- Labels:
-
other
-
report acceleration
11-19-2020
03:52 AM
Hi, I had a good base search for a calculation and alerting when an upload/download happens, but now I tried to tidy it up and convert bytes to KB and show a percentage as a "10%" instead of j...
Labels
- Labels:
-
eval
04-05-2020
04:54 PM
I'm running the below query to find out when was the last time an index checked in. However, in using this query the output reflects a time format that is in EPOC format. I'd like to convert it t...
08-15-2016
10:17 AM
...H:MM?
| eval Time = _time
| table Time "Idle Time" | convert ctime(Time)
01-26-2012
10:25 AM
I have an event field called `LastBootUpTime=20120119121719.125000-360'
I am trying to convert this to a more readable format by using this convert command
| convert timeformat="%m-%d-%Y %H:%M...
- Tags:
- convert
- timeformat
08-04-2016
07:49 AM
I am trying to convert the string "08/04/16 09:40:41.690" to a date in splunk. I think that I am supposed to use some combination of strptime and strftime but I can't figure it you. I thought that e...
04-16-2012
03:23 AM
1 Karma
Hi ,
In splunk query i need to convert time format as below .
Current format - Apr 13 17:58:35
Required Format : 04/13/2012 5:58:35 PM
- Tags:
- timeformat
12-18-2014
11:25 PM
2 Karma
...elative_time(now(),"-45y")
Search 2:
|stats count | eval next_time=relative_time(now(),"-45y")| convert ctime(*_time)
02-21-2017
02:53 PM
Hi, I don't understand why my datetime extracted can't convert when same format has no issue
host="gm*w8*" OR host="gm*w12*" sourcetype="WinEventLog:System" EventCode=6008
|rex field=Message "a...
03-10-2021
03:13 AM
Hello, Having defined multiple alerts before starting to use Enterprise Security, is there a way to convert the existing alerts to correlation searches ? Instead of sending emails as a...
Labels
