About smiththebest

smiththebest · ‎09-30-2019

Thank you, my issue is there are about 50 + useful fields out of 250 odd total fields, this means my lookup need to be 50 files. I think it is better to do just replace command in search for the value in fields?

smiththebest · ‎09-14-2019

My event log has comma separated field values of 100+ fields. Each field can have about 2-15 different values. Example if field10=3, I need to map to earth, field10=4, map to mars so on. If field11=4, map to blue, field11=5, map to red and so on. Please help with an example format of lookup csv and how to use it in the search bar so the searched events in the output show with the mapped values. thank you

koshyk · ‎05-08-2019

Splunk is doing correctly, coz field1, field10,field2 i correct ordering. The only way i could think of is to "pad" your field names with zeroes, so it becomes field001, field002,field003... , field010,field011.... field100,field101 etc Inroder to do that 1. Do it manually one time (may be easier here).=> Just put each field to do rename eg: |rename field1 as field001 and put as a macro . So your search should be . => ...| rename_my_fields | table field* 2. Do using some kind of regex to pad ....|foreach field* [eval newfield=<<FIELD>>] table field*

smiththebest · ‎04-13-2019

Thank you so much, that is what I have been looking for and did not find in answers or was not able to locate!

Posts	6
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎04-12-2019

Online Status	Offline
Date Last Visited	‎06-05-2020 02:04 AM

please help on how to achieve the below kind of lo...

Lookup table for lot of fields

sort the columns numerically in table *

How can I normalize timechart with field values ha...

Re: please help on how to achieve the below kind o...

Lookup table for lot of fields

Re: sort the columns numerically in table *

Re: How can I normalize timechart with field value...

Join the Conversation