What exactly is being operated on when you are in the screen "Edit Attributes with anEvalExpression"
In my mind what I want to do is the following. I have a Root Object defined which returns v...
...on't know how to used regular expression to replace the string, or its more easier to filter them out before input in to index?
any idea?
THanK you.
...uccessful mail handling events. The input source breaks out the root domain of the sender and receiver into individual fields, and I want to be able to say
| where sender_domain=r...
...ytes are too high, I'd like to show in Gb, ou Mb, instead of bytes.
The field auto-extracted from the datamodel is bytes. I've tried to create aneval field that contains Bytes/1073741824 to t...
Hi All,
I'm trying to create data-model so I would be able to use the "Pivot" for all my fields.
I run into trouble defining my multi-value field, the Pivot doesn't allow it to be added to t...
...he values.
I created a query in the calculated fields that should translate all the values in the Action field to the strings allowed and blocked as supposed to be in the Network Traffic Data Model....
Hi,
from the logs, i have extracted the below data(table1). I would like to addanother column as in Table2 with custom keyword if filename begins xyz then "Core".
Please could you suggest what s...
In my Splunk diag, I see a lot of warnings from my Palo Alto Networks Add-On:
-0600 WARN CalcFieldProcessor - Invalid evalexpression for 'EVAL-url_length' in stanza [pan:threat]: The expression i...
...asy enough to add children that narrow the search result to just the lines that contain XML data, but I'm not seeing a way to easily add all XML attributes (short of 1 by 1 single extractions)
Am I...