Splunk Search

How do I change the value of a field if a condition occurs?

diogenesloazeve
Engager

Hi community!

I'm using Splunk Enterprise to create dashboards with my client's ServiceNow incident information.

  1. My company only looks at tickets from assignment_group A.
  2. So, I have a ticket X that belongs to assignment_group A with Status "New".
  3. However, this ticket changed to assignment_group B and is no longer serviced by my company. This will result in a second ServiceNow extraction, that ticket will not appear.

So, I need to create a logic so that when this happens, Splunk changes the Status of ticket X to "Reassigned".

Does anyone know how to do this?
Thanks!

0 Karma