Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
30,000 results
Sorted by:
11-30-2021
04:49 AM
need help on eval function of trimming the month EX : April = APR all months first 3 letters thanks
Labels
- Labels:
-
troubleshooting
02-07-2023
05:18 PM
Average response time with 10% additional buffer ( single number)
03-04-2021
08:46 AM
Hi All, Is it possible to perform Eval then perform lookup ? If the eval return null then perform lookupA.csv. If eval return notnull, then perform lookupB.csv thanks!
Labels
- Labels:
-
search
05-11-2020
01:40 AM
Hi all,
During evaluating round I got the error:
| stats avg(duration) AS "booking average time" by hours
| eval "booking average time"=round("booking average time",2)
Error in 'eval' c...
02-09-2023
09:11 PM
...ndex=na160 starttime="02/08/2023:00:00:00" endtime="02/08/2023:24:00:00" requestId="TID:348627200000212ea7" | stats count as 242_COUNT by logRecordType] | eval difference = (242_COUNT - 240_COUNT) | t...
Show results in replies (4)
-
On the right hand side of an eval statement if the field name starts with numbers or contains '.' o...
-
...48627200000212ea7") | stats count(eval(requestId="TID:131610985000004c2d")) as 240_COUNT count(eval(r...
-
Given example is simplified version of query, however in actual requestId is coming from...
-
...our head around how to use stats+eval to join data sets. You will not regret it 😁 join can o...
2 weeks ago
I'm trying to evaluate the date string to a time format sing the strptime() the format I have is: Tue_Oct_25_03:57:49_IDT_2022
the strptime function looks like: strptime(d...
Show results in replies (6)
-
...he equivalent | eval d=strptime(replace(date,"IDT","+0300"),"%a_%b_%d_%H:%M:%S_%z_%Y") Note the c...
-
Hi @dtibi, the strptime funtion is correct, are you sure about the date values? Ciao. Giuse...
-
Hi @gcusello Thanks for the reply. I'm pretty sure. This issue waisted a lot of my time. n...
-
Hi @dtibi , could you share some sample of your logs? please use the Insert/Edit code s...
-
Hi @dtibi , good for you, see next time! Ciao and happy splunking Giuseppe P.S.: Karm...
-
Thank you!!!! @ITWhisperer
06-15-2022
07:02 AM
Hi everyone, i want to use the below command in a single line. i have tried "comma" but it's not working. How do i do it? |eval comments= if(Action="create","something has been created",'c...
Labels
- Labels:
-
eval
Show results in replies (5)
-
Hi @super_saiyan, yes sorry! | eval comments= if(Action="create","something has been c...
-
Use the case command, like this |eval comments= case(Action="create","something has been c...
-
Hi @super_saiyan, use two concatenated ifs: | eval comments= if(Action="create","something h...
-
There is a closing bracket " ) " missing in the SPL. is it supposed to be that way ? @gcuse...
-
Yes, It ran and solved my issue. Thank you so much as always. @gcusello
