Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
20,000 results
Sorted by:
01-25-2021
09:07 AM
I am using the following eval command. I want the type column to pick up both the sources. index=xyz (source=smf015 OR source=smf014) | stats values(source) as source by JFCBDSNM DATETIME S...
Labels
- Labels:
-
using Splunk Cloud
Show results in replies (5)
-
...FCBELNM TIOEDDNM SMF14PGN | eval Type=case(mvcount(source)>1,"Both",source LIKE "%SMF014","Input",s...
-
...ommand output before eval?
-
...ource) as source by JFCBDSNM DATETIME SMF14JBN SMF14RST SMF14SPN JFCBELNM TIOEDDNM SMF14PGN | eval T...
-
...ATETIME SMF14JBN SMF14RST SMF14SPN JFCBELNM TIOEDDNM SMF14PGN | eval Type=case(source="smf014","Input",s...
-
...FCBELNM TIOEDDNM SMF14PGN | eval Type=case(mvcount(source)>1,"Both",source LIKE "%smf014","Input",s...
03-04-2021
08:46 AM
Hi All, Is it possible to perform Eval then perform lookup ? If the eval return null then perform lookupA.csv. If eval return notnull, then perform lookupB.csv thanks!
Labels
- Labels:
-
search
05-11-2020
01:40 AM
Hi all,
During evaluating round I got the error:
| stats avg(duration) AS "booking average time" by hours
| eval "booking average time"=round("booking average time",2)
Error in 'eval' c...
Thursday
We all know that manipulating _MetaData:Index we can redirect some events to another index. But the question is - can we do it using Ingest-time evals? For example - using lookup() function to s...
Labels
- Labels:
-
transforms.conf
Show results in replies (4)
-
...vent. It's perfectly ok to overwrite the index field with ingest-time eval. [test-new-i...
-
I beg to differ. EVAL can be used index-time. See https://docs.splunk.com/Documentation/Splunk/8.1...
-
Yes, I understand what's the difference between index, lookup and eval. I'm asking whether I can u...
-
Hi @PickleRick, you cannot use eval, because it's a command used at search time and you're s...
12-04-2020
03:33 PM
Hello Splunkers, I am trying to write is a condition that says if command starts with "CHA" or "INS" add one. The Query: host=*| eval AUDIT=if(like(COMMAND,"CHA % AUDIT%", "INS % AUDIT%"),1...
02-25-2019
02:52 AM
Hi, I wonder whether someone can help me please.
I'm using number the following as part of a query to extract data from a summary Index
| stats count(eval(repayments_submit="1")) as r...
Wednesday
...bsp; Product , a, b, c, d, In_Spec I would like to use eval to assign the value to In_Spec |eval In_Spec=( if Product=1 and a1<a<a2 and b1<b<b2 and c1<c<c2, "yes", "no") b...
Labels
- Labels:
-
eval
10-15-2020
08:37 AM
1 Karma
...s formatted in proper json "tree" view and color coding in Search. Ansible app uses the _json source type. When I tried to use . ...| eval foo = json_extract(<objectname>) | table foo I...
- Tags:
- json
Show results in replies (7)
-
index=_internal | head 1 | fields _raw _time | eval _raw="{ \"cities\": [ { \"n...
-
...d01-89e4-6a07527060d3" | eval win_upd_failed=spath(_raw, "ansible_result.failed_update_count") | eval...
-
I just stumbled over the same issue. The reason why it fails is because the eval command j...
-
...in_updates" | eval win_upd_failed=spath(_raw, "ansible_result.failed_update_count") | eval w...
-
I got something that works. | eval upd_kb="" | foreach ansible_result.filtered_updates.*.kb{} [eval...
-
your log is not valid json and _raw. index=_internal |head 1| fields _raw | eval...
-
...*.kb* [eval flt_kb=flt_kb.'<<FIELD>>'] | table flt_kb ansible_result.filtered_updates*.kb...
