I want to use the setfields command to set fieldA to a particular value. That value is located in fieldB. How can I make setfields take the value of the field rather than the field name....
...unction but that's not exactly sure how it could help here.
A timechart of percentage difference would be ideal.
index="blah" earliest=-192h latest=-168h | setfields when='1 week ago' | eval _...
...xcept adding to the end of the basic search a string:
...| setfields 30="30", 50="50", 70="70" | table 30 50 70 | head 1
But in my xml structure this table search replaces the main search a...
...m (?<Name>.*)" | stats count Count by Name
Q2:
I already tried
I am | setfields Name = 0 | rex "I am (?<Name>.*)" | where Name != 0 | stats count Count by Name
Somehow it d...
...ime period of time 7am-8pm I have this query :
index="pcg_p4_datataservices_prod" sourcetype="be:monitoring-services"
| setfields a=a
| rex "^[^\|\n]*\|\s+(?P<kafka_datatype&g...
...his specific example I tried the following
| inputlookup datastore
| search [setfields server_ip="10.22.10.250" | lookup dnslookup clientip as server_ip output clienthost as server_fqdn | f...
We are currently exploring splunkjs for rendering data in our custom app. We are able to authenticate and display charts based on searches directly from webapp but having difficulty in integrating wi...
In each log event, I have 3 fields that keep a record count of the number of rows inserted, updated and deleted. I am able to grab statistics on each of these fields (e.g. average, 2 standard deviati...
I'm seeing the error below under messages in my Splunk enterprise console:
Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...