Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
20,000 results
Sorted by:
03-09-2021
11:54 PM
hi why my where condition doesnt works please? `boot`
| fields host Name Path DegradationTime
| stats max(DegradationTime) as DegradationTime by Path
| where DegradationTime>1
| e...
- Tags:
- other
Labels
- Labels:
-
other
Show results in replies (3)
-
...000),0) | where DegradationTime>1 | rename DegradationTime as "Degradation time (seconds)"
-
It looks you rename DegradationTime field.. Did you tried where condition before rename?? It's w...
-
...egradationTime" by Path | eval "DegradationTime" = round(('DegradationTime' / 1000),0) | where DegradationTime&g...
12-09-2020
03:38 AM
I was working with where command like below- index=abc|where (id=1ORid=2ORid=3) In between id field I have used OR operator and by mistake I haven't used space before a...
Labels
- Labels:
-
using Splunk Enterprise
3 weeks ago
Hi Community, how do i combine where and eval? Available field are "Gear" and "Torque_ Crankshaft " Discribed in my human brain / language 😉 eval "Torque_ Wheel " = (where ("Gear"=1 == ("T...
10-15-2020
10:49 PM
...y query is like below, sourcetype="my-data" |stats count by tags|where tags="class*" But I am getting 0 results, as where class is taking only exact values and not "class*" I want my result as b...
- Tags:
- Splunk Enterprise
Labels
- Labels:
-
stats
02-24-2020
05:15 AM
I am trying to run the following tstats search:
| tstats summariesonly=true estdc(Malware_Attacks.dest) as "infected_hosts" where "Malware_Attacks.action=allowed" from datamodel="Malware"."M...
06-07-2019
12:31 AM
1 Karma
required
if (a $lt; b)
eval c=round(((b-a)/b)*100),0)
print c
else
print "no change"
How to get this through splunk query?
04-18-2018
01:53 PM
Hi All,
I am trying correlate 2 different search queries using where with subsearch
it goes like this:
host="host1" | table Value1
above search give result : 40
host="host2" | where V...
12-29-2020
04:55 PM
...ubject values(hops_ip) as SenderIP values (ref) as Reference by ref |where like(senderIP, "10.%) Not sure where went wrong, senderIP which is not 10.% is still showing. I did noticed t...
Show results in replies (4)
-
your SenderIP is multivalue. it can't work with where like() If you only know the logs, you s...
-
Hi Scelikok Yes that's correct, its not showing right after i've moved the where clause t...
-
I think this is correct, where can only filter a single value. Have tried, whenever there is only s...
-
...alues(subject) as Subject, values(hops_ip) as SenderIP by ref |where like(SenderIP, "10.%") | rename r...
08-09-2020
09:14 AM
...nput This is the search query i used for the panel where i received the error How do I fix this error?
