Activity Feed
- Posted Convert decimal date time value in CSV export in Excel on Other Usage. 01-05-2024 06:36 AM
- Tagged Convert decimal date time value in CSV export in Excel on Other Usage. 01-05-2024 06:36 AM
- Tagged Convert decimal date time value in CSV export in Excel on Other Usage. 01-05-2024 06:36 AM
- Tagged Convert decimal date time value in CSV export in Excel on Other Usage. 01-05-2024 06:36 AM
- Karma Re: Transaction or Stats - need multiple starts and ends without the hundreds of thousands of events between each start & end for woodcock. 06-05-2020 12:48 AM
- Got Karma for Transaction or Stats - need multiple starts and ends without the hundreds of thousands of events between each start & end. 06-05-2020 12:48 AM
- Karma Re: How to display the count in piechart as labels for peter_krammer. 06-05-2020 12:46 AM
- Got Karma for Knowledge base within splunk. 06-05-2020 12:46 AM
- Posted Re: Remove duplicate values from a multivalue field on Splunk Search. 09-16-2016 06:50 AM
- Posted Re: Remove duplicate values from a multivalue field on Splunk Search. 09-16-2016 12:58 AM
- Posted Transaction or Stats - need multiple starts and ends without the hundreds of thousands of events between each start & end on Splunk Search. 03-03-2016 12:03 PM
- Tagged Transaction or Stats - need multiple starts and ends without the hundreds of thousands of events between each start & end on Splunk Search. 03-03-2016 12:03 PM
- Tagged Transaction or Stats - need multiple starts and ends without the hundreds of thousands of events between each start & end on Splunk Search. 03-03-2016 12:03 PM
- Tagged Transaction or Stats - need multiple starts and ends without the hundreds of thousands of events between each start & end on Splunk Search. 03-03-2016 12:03 PM
- Posted Knowledge base within splunk on Knowledge Management. 04-07-2014 06:24 PM
- Tagged Knowledge base within splunk on Knowledge Management. 04-07-2014 06:24 PM
- Tagged Knowledge base within splunk on Knowledge Management. 04-07-2014 06:24 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 1 |
01-05-2024
11:09 AM
1 Karma
This is really an Excel question rather than a Splunk question. In Splunk, date-times are stored internally as the number of seconds since 1/1/1970, whereas in Excel, date-times are stored internally as the number of days since 1/1/1900 (I think). Just format the cell as a date in Excel.
... View more
03-04-2016
04:02 PM
1 Karma
Let's assume you have a field called status that has (at least) values like start and end ; then you can use streamstats like this:
... | streamstats count earliest(_time) AS startTime latest(_time) AS endTime latest(status) AS lastStatus | count(eval(status="start")) AS sessionID | stats values(*) AS * BY sessionID
... View more
04-07-2014
07:24 PM
2 Karma
hi,
yes, this is an interesting use case, it's one of the features of the commercial Splunk App for Enterprise Security. A couple of links:
http://docs.splunk.com/Documentation/ES/3.0.1/User/Notableeventsandincidentworkflow
http://docs.splunk.com/Documentation/ES/3.0.1/User/NotableEvents
... View more
