Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
30,000 results
Sort by:
12-18-2024
08:40 AM
...ield) is max. How can I use eval in stats to have this? something like this: | stats values(eval(title4 where value is max)) AS title4 BY title1 How can I do it? Ciao....
Labels
- Labels:
-
stats
06-27-2024
01:00 PM
When using regex how can I take a field formatted as "0012-4250" and only show the 1st and lat 3 digits? I tried the following in which maintains the original output:
| eval AcctCode = replace(A...
- Tags:
- replace
07-15-2024
06:17 AM
Hello,
Anyone knows if we can use eval-ingest with lookup command in Splunk Cloud?
The problem is that in Splunk Cloud we can only add configuration via custom app in SH.
Eval-ingest in g...
Labels
- Labels:
-
configuration
10-11-2024
09:29 AM
...ucket
| eval Derived_Status_Code=
case(
status_code>=199 and status_code<300,"Success",
status_code>=499,"Errors",
1=1,"Others" ``` I do not need anything that is not in the above c...
05-08-2024
02:58 AM
...irectly in the search. I'm aware that the syntax I'm using here with eval is not the one specified in the documentation, but I'm using it to simulate the calculated field (and it yields the same r...
Labels
- Labels:
-
eval
05-09-2024
06:21 AM
...han 61 days.. but i cant get the spl right.
| eval epoch_lastLogonTimestamp_date = strptime(lastLogonTimestamp, "%Y-%m-%dT%H:%M:%S")
| eval last_logon_total = strftime(e...
11-30-2021
04:49 AM
need help on eval function of trimming the month EX : April = APR all months first 3 letters thanks
Labels
- Labels:
-
troubleshooting
10-06-2024
04:29 AM
...ndex_1 , index_2 , index_3 Based on the selected index, I am trying to run the splunk query: index="index_1"
| eval hostname_pattern=case(
index == "index_1","*-hostname_1",
index == "i...
02-13-2025
10:57 AM
Howdy, I'm building out some alerting in Splunk ES, and created a new correlation search. That is all working, but I'm unable to pass my eval as a value into email alert. What I have: | eval a...
Labels
04-15-2024
03:30 PM
...og a and log b without doing a subsearch, so far I have
index=a, env=a, account=a ("There is a file" OR "The file has been found")|field filename from log b | field filename2| eval Endtime = _...
Show results in replies (4)
-
...he final where clause will ensure that you have seen both loga and logb events. | makeresults | eval...
-
...]+\/(?<filename>[^\"]*)"| rex field=_raw "[a-zA-Z0-9]+\/(?<filename2>[^\"]*)" | eval E...
-
...nvironment. index=c account=1 env=lower source="logfiles" ("destination" OR "received") | eval l...
-
...og a or b and then you can do something like this logic | eval logtype=if(condition..., "loga", "l...
