Hi Splunkers, I am currently trying to create a pie chart that gets its data from a token: host=* | eval $Overview$ | chart sum(Warning) as "Warnings" sum(Violation) as V...
...bsp; I'm missing how to do | stats count by appName as appTotal | stats count by appName resultCode as appResult | eval resultPerc=rount((appResult*100)/appTotal, 2) and have that s...
I have three devices, each with its own sourcetype. I am trying to combine the fields src with src_ip and dst with dest_ip into new table fields called Source IP and Destination IP from the results o...
...sing IN operation from another main search as show in the second code snippet. ``` index=main label=y userid=tom | fields associateddev | eval list_value = replace(associateddev,"{'","") | eval l...
Hi Community! I have a problem to extract a table in an XML event. The data looks like this <data type="info" text="sales:
VW;1;30.000;
Bentley;1;70.000;
Seat;1;...
...se the join for this query.
This helped however I am unable to utilize the index drill down for each in the search otherwise the query is 75% white noise.
index=jedi OR index=sith
| eval name=c...
I'm trying to create a timeline using the Timeline Custom Visualization of future or historical saved searches in order to get an overview of when the searches are run as well as their duration. T...