Hi Have you ever login into splunkbase.splunk.com? It could be so that you must 1st login with browser and "register" your splunk.com user into that site? It has been so long time when I have done this last time that I cannot recall it now.  But as @gcusello said, If it isn't work with entering your splunk.com id and password, then just login to splunkbase.splunk.com with browser and download app and then install it. Anyhow I prefer that method, as then I could store those apps into local repository to get those exact versions later on if/when needed. In splunkbase there are many apps which has only one or few newer versions for download but not earlier. r. Ismo

Hi @vihshah, if you only need to search in a main search using a secondary search fiel, you have to use a subsearch, putting attention that the field name must be the same in both the searches (field names are case sensitive) if they are different, you have to rename the one i the subsearch, so something like this: index=index1 [ search index=index2 | fields my_field ] | ... If instead you need to use also fields from the second seacrh you have to use a different approach. Ciao. Giuseppe

as @PickleRick said this is how email works. As you have there 3 separate email even account admin@foo.bar will be as cc on all of those. There is no way how you can separate those into three separate emails with to-recipients and then merge those again into one for cc-recipient. If you want that this works like you want, then you must change your process and handle this someway different way. Could you e.g. separate alert for two part: one for to recipients and second one for cc recipients? Unfortunately I'm afraid that this generates some other issues to you

Hi You should check from https://advisory.splunk.com/?301=/en_us/product-security.html in which version Splunk has fixed this. Then update your environment at least to that version or even better if you could go to the latest one. You could check which openssl version you have. in splunk by splunk version Splunk 9.1.2 (build b6b9c8185839) splunk cmd openssl version OpenSSL 1.0.2zi 1 Aug 2023 This works both Splunk server and UF. r. Ismo 

It's not up to Splunk. It's up to the email infrastructure. In the end email to many recipients ends as many single emails in each of the recipient's mailbox. So i'm not quite sure what you want to achieve here.

Hi you can use same license on those, but only one can be active at the same time. If you need use it on both at the same time you must use license server where you put it and then both (or another one) is as license client for it. Another option is ask that Splunk support will split that license to two separate license file. r. Ismo

@isoutamo  No sir, its not about duplicates. z Let me be more clear then. Example : Below is my example result from alert search. Instance Name Owner Tags i-test1 Test1@gmail.com Incorrect i-test2 Test2@gmail.com Missing i-test3 Test3@gmail.com Missing Now I have to send email to these three users with all of them in "to" field. How I am setting email address ? using $result.Owner$. This is getting all three emails returned from result and alert notification is getting sent. But it is getting sent as three separate emails. One email to Test1@gmail.com, Another separate email to Test2@ge.com Third separate email to Test3@gmail.com For all of these three emails , admin@gmail.com is in CC.  This is just an example with 3 users. But like this there are 100 owners and different instances. Sending separate emails to all 100 users with admin@gmail.com will burden emailbox of admin@gmail.com and also follow up will be difficult. So, I have to send one email notification with all test1@gmail.com, test2@gmail.com and test3@gmail.com in "to" field and admin@gmail.com in Cc.  This just sends one email with all owners in to field. I want to achieve this using action.email.to.  This is my whole requirement. Please help me Regards, PNV

Hi @LearningGuy, You can add a statistics table to show all values like below addition to @ITWhisperer solution; <dashboard version="1.1" theme="light"> <label>Test</label> <row> <panel> <chart> <search> <query>| makeresults format=csv data="StudentID,Name,GPA,Percentile,Email 101,Student1,4,100%,Student1@email.com 102,Student2,3,90%,Student2@email.com 103,Student3,2,70%,Student3@email.com 104,Student4,1,40%,Student4@email.com"</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="charting.chart">column</option> <option name="charting.drilldown">none</option> <option name="charting.data.fieldShowList">[Name,GPA]</option> </chart> </panel> </row> <row> <panel> <table> <search> <query>| makeresults format=csv data="StudentID,Name,GPA,Percentile,Email 101,Student1,4,100%,Student1@email.com 102,Student2,3,90%,Student2@email.com 103,Student3,2,70%,Student3@email.com 104,Student4,1,40%,Student4@email.com"</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> </row> </dashboard>