...vg(field_a) AS field_a avg(field_b) AS field_b avg(field_c) AS field_c by host
| rename host AS hostname
Nothing too complicated.
The events in the summary index similarly look right. E.g....
...sername, webservicename, count, avg(WSTotalTimeValue), max(WSTotalTimeValue), perc95(WSTotalTimeValue)
I've tried a variety of stats, bin, chart, etc. commands to try to get it to work, but the syntax i...
...pplicationName,Version
|stats values by Artefact
| rename values(*) as *
This produces the desired table format however some of the dynamic columns produced by "|eval {Environment}:{A...
Hi All,
I have indexed the XML file without breaking it into events. I need to break the events using on tag. Hence, can I achieve this using the search head?
Example
I need to break the e...
...t such that if a user has been removed from an AD group and added back in within one hour, then it would be ignored.
Here are examples below. EventCode 4729 is a user getting removed and 4728 is a u...
I have a log file that was |delete'd from the index using search. I want the file back in the index. I did several steps of adding and removing the file as a Splunk input and restarting the machi...
I have a simple-xml Splunk dashboard with a base query, and two post-processing queries inheriting from the base. However, when I load the dashboard, it always says "No results found." When I click t...