Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
616 results
Sorted by:
06-28-2018
07:41 AM
...| fillnull | untable _time sasl_username "Dest in 5m"
| eval date_hour=strftime(_time,"%1H")
| chart avg("Dest in 5m") over date_hour by sasl_username
timechart let me to fill null v...
08-26-2015
08:41 AM
1 Karma
Hello,
I have a search returning some results that look like this:
sourcetype="somesourcetype" [ search sourcetype="somesourcetype" ... | top limit=100 email | fields + email ] | stats count b...
05-13-2020
11:28 AM
...raw - eventtype - host - source - sourcetype
| table *
| untable _time FieldName FieldValue
| stats count as Event_count, dc(FieldValue) as distinctCount, mean(FieldValue) as mean by _time F...
02-04-2018
02:02 AM
...olumn:
index=x|stats sum by Total, Model
I was trying to do the following:
Unpivot\Untable all values of columns into 1 column, keep Total as a second column.
The result should look like:
M...
2 weeks ago
11-26-2015
06:19 AM
1 Karma
Hi-hi!
Is it possible to preserve original table column order after untable and xyseries commands?
E.g.:
...
| table period orange lemon ananas apple cherry (and I need right this s...
11-29-2017
10:23 AM
...TD_AVERAGE
MTTR . 10 . 7.1 . 10.3 15.1 . 13.1
I have been working through untable and some stats formats but cannot seem to get this working.
06-16-2020
02:31 PM
...imestamp. I untable the events using this syntax: ...| untable _time FieldName FieldValue The results appear as this: _time FieldName FieldValue 2020-06-16 12:51:53 EventCode 1257 2020-06-1...
Labels
- Labels:
-
other
09-01-2020
02:02 PM
...he following search structure: [base search]
| timechart limit=0 span=1d useother=false count as "Row 1" by sourcetype
| fillnull
| reverse
| untable _time, sourcetype, "Row 1"
| eval Time= s...
Labels
- Labels:
-
timechart
01-30-2019
11:19 AM
1 Karma
sample query:
index=foo "string of data"="age needed"age earliest=-5d
| stats dedup_splitvals=t , values(_time) AS _time by dept, "age_needed"
| sort department
| fields - _span
| eval conv_...
