About David_Naylor

yvassilyeva · ‎08-15-2023

@bowesmana exactly what i did - renamed macro output fields after each time i run it. Thank you.

David_Naylor · ‎04-26-2018

Create a new field using eval and list it along with the other fields you care about in a table |notablegeneratingsearch |eval pci_id="10.1" |table pci_id,alltheotherfieldsyoucareabout Alternatively could use the tag field.

somesoni2 · ‎04-26-2018

Give this a try (assuming your logged in time is identified your _time of the event) Your search which contain two fields user id and time | timechart span=1h dc(userId) as "Total Users" | eval Time=strftime(_time,"%H:%M")."--".strftime(_time+3600,"%H:%M") | table Time "Total Users"

robertlynch2020 · ‎05-14-2018

Hi I do a check for THP and to me it's off. Why do you think it is on? I check all the process and it returns nothing. grep -e AnonHugePages /proc/*/smaps | awk '{ if($2>4) print $0} ' | awk -F "/" '{print $0; system("ps -fp " $3)} ' | grep splunk

jadengoho · ‎04-26-2018

im quite confuse on the process.

p_gurav · ‎04-25-2018

Can you try using different browsers?

FrankVl · ‎04-28-2018

Alright, good luck! Looking forward to hear if you succeeded 🙂

Posts	13
Solutions	1
Karma Given	1
Karma Received	1
Member Since	‎04-25-2018

Online Status	Offline
Date Last Visited	‎06-05-2020 02:04 AM

Re: How to run a macro multiple times in a search?

Re: Is there a way to add searchable splunk Notabl...

Re: How to find sum of particular fields by time?

Re: Splunk freezing for other users when doing lar...

Re: Installing add-on on multiple forwarder

Re: Unable to open splunk web interface with windo...

Re: Is there a way to make forwarding/indexing dec...