×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
bosch_softtec
Path Finder
Member since: ‎11-02-2016
‎06-05-2020
Community Statistics
Posts 16
Solutions 0
Karma Given 1
Karma Received 4
Member Since ‎11-02-2016
Activity Feed
Topics I've Started
View All

Re: What is the XML syntax to hide panels with two...

by in Dashboards & Visualizations
‎02-09-2021 05:42 AM
‎02-09-2021 05:42 AM
According to the Docs-Link provided by woodcock, depends is an "AND" logic where as rejects is an "OR" logic. ... View more

Re: How to create a new field from the content of ...

by in Splunk Search
‎05-22-2019 12:05 AM
‎05-22-2019 12:05 AM
Thank you koshyk, I didn't get your suggestion working, I always get the following error: Error in 'makeresults' command: This command must be the first command of a search but it inspired me to change my querry like this: .... | rex field=bar "(?<foo2>\w+)\.\w+$" | rex field=bar "(?<foo3>\w+)$" | eval foo=if(match(bar,"bla"),foo3,foo2) That works fine for my requirements. ... View more

Re: Set zero value if there is nothing found in th...

by in Splunk Search
‎09-13-2017 01:58 AM
‎09-13-2017 01:58 AM
I've never used "lookup". With "search all" it should be possible to get alle source files. Is it maybe possible to use it like seache all sources in the last 24h and set the connection value to "0" for each source and combine the result of lookup and my querry? ... View more

Re: group different source in one querry

by in Splunk Search
‎05-17-2017 01:34 AM
‎05-17-2017 01:34 AM
@bosch_softtec... kindly read Splunk Community guideline and downvote only if the answer provided is incorrect or wrong. As you have already verified both the answers are correct. Query may be lengthy but might perform better. As it always exists with every question that there are multiple solutions, I was just giving you one more option. http://docs.splunk.com/Documentation/Splunkbase/splunkbase/Answers/Splunkcommunityguidelines You should ideally upvote all the options that work or help you and Accept the one that fits exactly as per your need. I am indeed glad that one of us was able to assist you. If rex has worked for you, next step for you should be to create a Field Extraction so that the regular expression persists as a Knowledge Object and is easy to maintain. http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ExtractfieldsinteractivelywithIFX ... View more

Re: How to combine my 2 searches?

by in Splunk Search
‎12-14-2016 07:32 AM
‎12-14-2016 07:32 AM
Thanks for the dc() and table hint, I'll check it. Your adapted search is working with appendcols. ... View more

Re: Why is Splunk not capturing new content in a C...

by in Getting Data In
‎12-12-2016 12:15 AM
‎12-12-2016 12:15 AM
Hi, it could happen that there is no change in the header or first 256 bytes. Regarding your hint, i'll change the size of the initCrcLength to a higher value and check if my problem has gone. ... View more

Re: Choropleth Map with values instead of count

by in Dashboards & Visualizations
‎11-03-2016 12:59 AM
1 Karma
‎11-03-2016 12:59 AM
1 Karma
Hi gokadroid, thanks for you answer, it's working 🙂 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
Karma given to
View All