cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sk8asd123
Engager
Member since: ‎10-31-2014
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 16
Karma Received 2
Member Since ‎10-31-2014
Activity Feed
View All

Re: How to parse a json tree into a table?

by in Splunk Search
‎12-04-2015 03:11 PM
‎12-04-2015 03:11 PM
Can you edit props.conf to process json files? http://docs.splunk.com/Documentation/Splunk/latest/Admin/Propsconf?utm_source=answers&utm_medium=in-answer&utm_term=props.conf&utm_campaign=refdoc and then something like: search | rex "(?\{.*\})" | spath input=json_input |table fields ... View more

How does Splunk decide which rows to display in to...

by in Splunk Search
‎09-19-2015 02:29 PM
‎09-19-2015 02:29 PM
for example here's the full data: widgets total item1 10 item2 8 item3 8 item4 8 item5 8 item6 4 and you have a query like |top widgets limit=2. There are is a 4 way tie for the second highest total, but Splunk will only show 2 rows. How does Splunk decide which row to show? What is a best practice to show item1,item2,item3, item4, and item5 (and not item6) in the results? ... View more

How can I group timechart data by day if the day s...

by in Splunk Search
‎10-31-2014 03:52 PM
2 Karma
‎10-31-2014 03:52 PM
2 Karma
I'm currently running this search <data> | timechart span=24h count by day This gives me from midnight to midnight, but I need 10 p.m. to 10 p.m. to capture a 'work day' ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to