Jul 10, 2019 · index=myIndex FieldA="A" AND LogonType IN (4,5,8,9,10,11,12) The documentation says it is used with "eval" or "where" and returns only the value "true". But it …

View our Tech Talk: Platform Edition, Search Basics in Splunk Search Basics is one of the most important learning topics for new users getting started with Splunk. Splunk’s powerful search …

Feb 3, 2012 · Rather than bending Splunk to my will, but I found that I could get what I was looking for by altering the search to split by permutations (one event returned per permutation) …

Find Answers Using Splunk Splunk SearchOptions

Oct 21, 2019 · Review Get started with Search and familiarize yourself with Splunk Web. For extra credit, Splunk Cloud users can complete the Splunk Cloud Search Tutorial, and Splunk …

Feb 22, 2016 · Is there a best way to search for blank fields in a search? isnull() or ="" doesn't seem to work. Is there way to do this? The only thing we have been able to do is do a f-llnull …

May 24, 2012 · I'm working on a really large search right now (on the order of 35 lines long). Is there a good way to insert a comment into a search query to remind a future search editor …

Aug 23, 2023 · Note: I am absolutely NOT interested in how to use date ranges. Which is all you find when you try to google anything to do with 'search' and 'date' as concepts together. I …

Sep 4, 2018 · Hi griffinpair, try something like this: your_search NOT [ search sourcetype="si_Export_FileMissed" earliest=-24h@h | eval clearExport = ClientID + " " + …

Oct 20, 2014 · How to search for events that have null values for a field?