Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
33 results
Sorted by:
02-23-2021
05:44 PM
Given this search: | walklex index=web prefix=host what is the value contained in 'source'? source = web~22~F3E2588C-834C-4B2A-B12B-3845A69B5304 I thought this might be a bucket id but it d...
Labels
- Labels:
-
other
07-05-2018
02:41 AM
Hello splunkers,
I'm trying to visualize one of my .tsidx file with the splunk "walklex" command, in order to see my segmentation improvements. Here is my code (Windows command line)
set S...
03-24-2020
08:33 PM
Does KO explorer show which fields are indexed and which not? This has always been a challenge and anything which does this would be helpful.
I couldn't find a direct answer in the doc or screensho...
07-06-2011
09:16 AM
2 Karma
I've added an index time field extraction which overlaps with a delimiter based search time extraction. i think i've got the settings right, but i can't use the fact that the field is available from...
- Tags:
- index-time
03-17-2020
10:50 AM
For an events index , I would do something like this:
|tstats max(_indextime) AS indextime
WHERE index=_* OR index=*
BY index sourcetype _time
| stats avg(eval(indextime - _time)) AS latency BY ...
03-27-2022
05:26 AM
How to convert below query where summarization status is unknown .
| index="netsec_firewall" sourcetype="pan:traffic" action="allowed" app:technology="client-server"
| stats first(start_time) AS ...
- Tags:
- query
Labels
- Labels:
-
alert condition
04-01-2020
06:48 AM
| tstats count where index=proxy AND sourcetype=dns earliest=-7d by _time, ComputerName span=1h
| xyseries _time, ComputerName, count
So this is an actual field with an actual value and it isnt ...
10-27-2020
10:51 PM
1 Karma
Hi, How to find whether a field is extracted at index time (or) search time?
Labels
- Labels:
-
field extraction
05-20-2020
12:02 PM
Just wondering if its possible to get data volume / size from TSTATS.
I know you can do something like this to get counts (events/per sec)
| tstats count WHERE index=* by index| eval events_per...
02-03-2016
08:25 AM
We are using a CSV input, which generates indexed extractions - some of the field values contain spaces.
Here is some walklex output that shows the values captured in the .tsidx
1887 2 p...
