Search results
Feb 1, 2023 · I have two fields, application and servletName. I'd like to have them as column names in a chart. I'm currently trying to use eval to make a new variable named fullName, and concatenate the values for application and servletName with a dash(-) in the middle. How do I do this? Thanks, Brett
Jun 2, 2015 · Yep. and by the way "AND" is kinda funny in Splunk. It's always redundant in search, so although Splunk doesn't give you an error, you can always remove it when you see it in the initial search clause, or in a subsequent search command downstream. Another way of looking at this is that Splunk mentally puts an "AND" in between any two terms ...
Jul 24, 2024 · Hi Splunky people! We are excited to share the newest updates in Splunk Enterprise 9.3! Admins and Analysts can benefit from: Seamlessly route data to your local file system to save on storage costs, enhance auditing, ensure compliance, and more, without indexing unnecessary data in Splunk. Save ti...
Jan 27, 2014 · You wanted, in your comment, to know if Splunk is processing left to right association. WHEN YOU RUN A QUERY LIKE THAT, SPLUNK PROCESSES THE EVENTS IN THEIR ARRIVING ORDER. CONCERNING THE QUERY, Splunk processes from left to right, but NOTE THAT all the search elements are always processed. AND NO matter the order of OR and AND the other of the resulting ...
Oct 19, 2012 · How do you use this in, say, a custom app's input panel? If I try running the 'rest /services/data/indexes' search, I get "No results found", even with the time set to "All time".
Jul 3, 2014 · Hi All, Can someone please explain how I use a wildcard character in the middle of a search string? For example, if I want to find all gmail addresses that start with the letter 'a', I thought I could search for emailaddress="a*@gmail.com", however this returns all records. I guess I have to use a regex...
Apr 25, 2012 · Solved: I have read through the related answers to questions similar to this one, but I just can't make it work for some reason.
Jan 9, 2017 · The eventstats command works on the dataset/result available to it (all results in whatever format available just before the eventstats command is invoked), and without altering it, adds new information/columns.
May 21, 2015 · Hi there - I know how to search for parameters/variables that equal X value...but how do I construct a query to look for a parameter/variable containing ______? For instance - instead of "itemId=1234", I want to search for "itemId CONTAINS 23". Hopefully this makes sense! :) Thanks in advance for yo...