Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Issue with updating dashboard with new results

Trex1
Explorer
‎12-28-2021 01:31 PM

Hi there,

I've set up a dashboard with various columns, one of them outputs a  number field which has a comma(,) in it. I can remove the comma using the following command rex field=SurveyAnswers mode=sed "s/\,//g"  where SurveyAnswers is the table name. This works fine in a separate search, however the same command doesn't work when I try to update it in my dashboard and save. Any ideas ??? Thanks

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-28-2021 02:03 PM

Please share the full dashboard query where SurveyAnswers is being modified.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Trex1
Explorer
‎12-28-2021 02:26 PM

HI @richgalloway  here is the query. 

index=adobe sourcetype=marketing "voiceofcustomerdetail" records(s)
|rex field=_raw "^(?:[^\t\n]*\t){6}(?P<SurveyAnswers>[^ ]+)"
|sort -_time
|eval Date = strftime(_time,"%Y-%m-%d %H:%M:%S")
|eval Status=if(isnotNull(Date),"Processed","NOK")

|rex mode=sed field=SurveyAnswers "s/,//"
|table Date SurveyAnswers Status

0 Karma
Reply
Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...