topic How to add multiple attributes in single query in Dashboards & Visualizations https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-multiple-attributes-in-single-query/m-p/545263#M37445 <P>Hi Everyone,</P><P>I have one requirement.</P><P>I am creating one alert and the query is below:</P><P>index=abc <STRONG>ns=blazepsfpublish</STRONG> "NullPointerException" | rex "message=(?&lt;ExceptionMessage&gt;[^\n]+)"|dedup ExceptionMessage,ns|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")|table app_name, ExceptionMessage ,_time, environment, pod_name,ns|rename app_name as APP_NAME, _time as Time, environment as Environment, pod_name as Pod_Name</P><P>My requirement is that I have multiple 6-7 ns and I want to include them in same query rather then appending.</P><P>Can someone guide me on this .</P><P>Below are my ns names:</P><P>sidh-datagraph</P><P>datagraph</P><P>etc</P><P>How can I include all ns&nbsp; &nbsp;in single query</P> Thu, 25 Mar 2021 06:16:46 GMT aditsss 2021-03-25T06:16:46Z How to add multiple attributes in single query https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-multiple-attributes-in-single-query/m-p/545263#M37445 <P>Hi Everyone,</P><P>I have one requirement.</P><P>I am creating one alert and the query is below:</P><P>index=abc <STRONG>ns=blazepsfpublish</STRONG> "NullPointerException" | rex "message=(?&lt;ExceptionMessage&gt;[^\n]+)"|dedup ExceptionMessage,ns|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")|table app_name, ExceptionMessage ,_time, environment, pod_name,ns|rename app_name as APP_NAME, _time as Time, environment as Environment, pod_name as Pod_Name</P><P>My requirement is that I have multiple 6-7 ns and I want to include them in same query rather then appending.</P><P>Can someone guide me on this .</P><P>Below are my ns names:</P><P>sidh-datagraph</P><P>datagraph</P><P>etc</P><P>How can I include all ns&nbsp; &nbsp;in single query</P> Thu, 25 Mar 2021 06:16:46 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-multiple-attributes-in-single-query/m-p/545263#M37445 aditsss 2021-03-25T06:16:46Z Re: How to add multiple attributes in single query https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-multiple-attributes-in-single-query/m-p/545266#M37446 <P>Use IN like this</P><LI-CODE lang="markup">index=abc ns IN ("blazepsfpublish", "sidh-datagraph", "datagraph") "NullPointerException" </LI-CODE><P>Or use OR like this</P><LI-CODE lang="markup">index=abc (ns="blazepsfpublish" OR ns="sidh-datagraph" OR ns="datagraph") "NullPointerException" </LI-CODE><P>Hope this helps</P> Thu, 25 Mar 2021 06:27:26 GMT https://community.splunk.com/t5/Dashboards-Visualizations/How-to-add-multiple-attributes-in-single-query/m-p/545266#M37446 bowesmana 2021-03-25T06:27:26Z