Think that would help you?
https://answers.splunk.com/answers/667635/how-to-round-a-millisecond-output.html
have to set "eval avg_ping=round(avg_ping,0)" to "eval avg_ping=round(avg_ping,2)"
If you recently upgraded (or are planning to upgrade) the Splunk_TA_windows app, then you might consider using my new Upgrade Planner for Splunk Add-on for Windows app to see if you have any Knowledge Objects that are compatible with the new sourcetypes:
https://splunkbase.splunk.com/app/4594/
My question now is where does the Splunk Enterprise file go?
Usually you find the file in the directory where the wget command was executed?
Or is there any way for me to 'get' that downloaded Splunk Enterprise file and use it for the other machines?
Depends on how much, if just a few VMs then SFTP it to the other VMs otherwise I would suggest Ansible as @tiagofbmm
I got a similar problem, but with {} in the fieldname. I guess any other special characters in the field name are problematic and require a rename of the inputfieldname. Had to rename the field like this to make it work:
rename results{}.dob.age as dob_age