Activity Feed
- Posted Re: How to use "setfields" command to assign the value based on field value rather than field name? on Splunk Search. 07-29-2020 01:56 PM
- Posted How to use "setfields" command to assign the value based on field value rather than field name? on Splunk Search. 07-29-2020 12:12 PM
- Posted how to refer to data between 2 sourcetypes on Splunk Search. 07-25-2020 08:03 AM
Topics I've Started
07-29-2020 01:56 PM
My FieldA contains a mixture of 2 values, OSType and Null; the total count is 587. My Field B contains 1 value, OSType, and has a count of 4. I am trying to set the 587 count of FieldA values to the value of the OSType. Based on this scenario, what do you suggest? In the end I want all 587 FieldA values to equal the OSType, thus eliminating the Null value. Thanks.
07-29-2020 12:12 PM
I want to use the setfields command to set fieldA to a particular value. That value is located in fieldB. How can I make setfields take the value of the field rather than the field name? setfields fieldA=fieldB sets A to the string "fieldB".
Thanks.
Labels: fields
07-25-2020 08:03 AM
I am running a search against my Windows event logs, let's call it sourcetypeA. I need to use the IP address obtained from sourcetypeA to look up the host information from sourcetypeB. The end result needs to display the timestamp and other information from sourcetypeA and use the host information from sourcetypeB. Subsearching so far has not seemed to resolve the problem. I merely need to use sourcetypeB as sort of a lookup table to plug in the host information found.