Hi, I've been told that using field extractions on JSON is not best practice and that I should use calculated fields instead. In some cases that's easy and I can use replace or other methods to do t...
...field name which I could create an alias of.
So I tried to extract them with calculated fields...
com_cf_sensor_xyz = if(valueName="Sensor_xyz", value, "")
When I search the corresponding s...
...se the where function to compare two fields I get no results. I am searching a list of hostnames, setting a threshold to compare against, and trying to display only events that are older than the set t...
...6
How would I go about calculating the percentage of shapes that are heavy by color_and_shape?
I tried doing ...| eval pct=sc/total
but this does not work.
...3.420 I should mention too that only the time portion, not the date, will need the difference calculated. The YYYY-MM-DD will always be the same between _time and lockTime.
Hello, Recently I added a question about how I could extract fields or get a table from a json input (https://community.splunk.com/t5/Splunk-Search/Field-extraction/m-p/517524#M145531). The s...
...ations are then of course wrong, but that's not the point).
So my question is:
Why does removing/adding the append command change the value of a previous calculated field?
I have a...
I'm having trouble getting a duration between two timestamps from some extracted fields. My search looks like this: MySearchCriteria index=MyIndex source=MySource
| stats list(E...
Dears,
We have two fields in one index. We need to compare the two fields, then create a new field that shows only the difference between the two fields.
Below is one example from the results f...