Splunk Search

Dashboard not populating as they have $ symbol in some field values, is there another way?

power12
Communicator

Hello Splunkers

I have the following search.The search works fine when running it but when its saved as a panel in a dashboard it complains saying waiting for input  as some of field values  for state have $ in them("5-drained$") ...is there any other way to change the search to ignore it

 

index=abc
| chart latest(state_sinfo) as state by node 
| stats count by state
| eval {state}=count 
| fields - count
| replace allocated WITH "1-allocated" IN state
| replace "allocated*" WITH "1-allocated*" IN state
| replace "allocated$" WITH "1-allocated$" IN state
| replace "completing" WITH "1-completing" IN state
| replace "planned" WITH "1-planned" IN state
| replace idle WITH "2-idle" IN state
| replace "idle*" WITH "2-idle*" IN state
| replace maint WITH "3-maint" IN state
| replace reserved WITH "4-reserved" IN state 
| replace down WITH "5-down" IN state
| replace "down*" WITH "5-down*" IN state
| replace "down$" WITH "5-down$" IN state
| replace "drained*" WITH "5-drained*" IN state
| replace "drained$" WITH "5-drained$" IN state
| replace "drained" WITH "5-drained" IN state
| replace "draining" WITH "5-draining" IN state
| replace "draining@" WITH "5-draining@" IN state
| replace "reboot" WITH "5-reboot" IN state
| replace "reboot^" WITH "5-reboot^" IN state
| sort +state

 

 Thanks in Advance

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Double up your dollars

| replace "allocated$$" WITH "1-allocated$$" IN state
0 Karma

power12
Communicator

@ITWhisperer  I want it as 1-allocated$ ...is there a way...i dont want an additional $

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Have you tried it in your dashboard? The double dollar should get converted to a single dollar when it is executed.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...