Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
38,051 results
Sort by:
06-12-2025
09:23 AM
...he fillnull to see which fields are causing the problem. I noticed that these fields where i am using eval are causing the issue as i see 0 inside these columns after using fillnull | eval s...
Labels
- Labels:
-
eval
Show results in replies (4)
-
...DT" ``` This is what you want - above is just constructing an example dataset ``` | eval t=s...
-
Thank you Rich, If i just remove the extra space that is in the strp function i should be ok eval...
-
...ormat - do i have to specify the space for :161 like eval date_only=strftime(strptime(C...
-
I put a \s before and after the : because your example showed the space before, but your sed was re...
06-03-2025
06:04 AM
Hi, I have this field in this format and i am using eval to convert but sometimes there is an extra space in it after : Mon 2 Jun 2025 20:51:24 : 792 EDT - with extra space after h...
Labels
- Labels:
-
eval
12-18-2024
08:40 AM
...ield) is max. How can I use eval in stats to have this? something like this: | stats values(eval(title4 where value is max)) AS title4 BY title1 How can I do it? Ciao....
Labels
- Labels:
-
stats
06-27-2024
01:00 PM
When using regex how can I take a field formatted as "0012-4250" and only show the 1st and lat 3 digits? I tried the following in which maintains the original output:
| eval AcctCode = replace(A...
- Tags:
- replace
07-18-2025
07:18 AM
I am ingesting data from the Splunk Add on for O365. I want to use the Eval Expression filter within an ingestion action to filter what email addresses we ingest data from. Sampling the data is e...
Labels
- Labels:
-
configuration
-
using Splunk Enterprise
05-16-2025
03:47 AM
...tatus- DB instance is not available I would need to write Eval condition and create new field description that if field status is " database is down" , I need to add date, dB, status, I...
Labels
- Labels:
-
eval
Show results in replies (4)
-
| eval description=case(Status="host is down",Date.",".Server.",".Status.",".Threshold,Status="d...
-
Hi @Harikiranjammul Use an eval statement with a conditional to build the description f...
-
| eval description=case(like(Status,"%host is down%"),Date.",".Server.",".Status.",".Threshold,l...
-
Thank you How can I use eval like here? I mean here status field contains someother text before a...
a month ago
So I've been turning myself inside out trying to figure this one out and cannot... In search this works fine, 'test' evaluates to "default" | makeresults | eval value = "users|default" | eval t...
Labels
- Labels:
-
Classic dashboard
03-31-2025
01:59 PM
I've scowered the internet trying to find a similar issue with no avail. | rex field=userRiskData.general "do\:(?<deviceOs>.+?)\|di\:(?<deviceId>.+?)\|db\:"
| eval validUser=if(i...
11-30-2021
04:49 AM
need help on eval function of trimming the month EX : April = APR all months first 3 letters thanks
Labels
- Labels:
-
troubleshooting
06-16-2025
06:10 AM
...osition (1, 3 , 5, etc.) - The file hash in every pair position So far, I've done it in SPL but I cant find a way to do that in a props.conf (because in props.conf, you can't do a multiline |eval : Every eval...
Labels
- Labels:
-
field extraction
