location that is AM. Where AM location should be the combination of (AB,AC,AD,AF) Like this i need: First, "the combination of (AB,AC,AD,AF)" is NOT "AM" in your illustration.  The illustration is the opposite of what you described. (Also, please use text table instead of screenshot.) Second, for your initial question, I notice that you filter for "HU1","IA2","IB0".  Of course you will only get whatever definition you give for these three.  I think what you wanted is   ``` |search location IN ("HU1","IA2","IB0")``` ``` ^^^ no filtering ``` |eval row=if(location IN ("HU1","IA2","IB0"),location,"AM") |stats c by row   But back to your new example.  Here is an emulation   | makeresults format=csv data="Location AB AC AD AE AF AG AH" ``` data emulation above ``` | eval "New Location" = if(Location IN ("AB","AC","AD","AE","AF"),Location,"AM")   Location New Location AB AB AC AC AD AD AE AE AF AF AG AM AH AM Is this what you illustrated?

Great this works. i went ahead and added eval to it  table client,transaction | eval user_transaction = client . "-" . transaction now the second query returns below result 2024-01-16 19:08:13.3284 [43] INFO [.ServiceClassTraCack] 0LO19-1901631 Report Finished successfully at 7:08:13 PM on 1/16/2024 my first query is returning result as 0LO19-1901631, i want to match these results to above query along with Report Finished snippet

Hi,  I had the same output on a centos7. I added the option -v to get more verbosity and I was able to see that the installer cannot generate the certificate. Creating HTTPS cert... Aborting https cert create. File already exists Shell command: openssl x509 -in /opt/phantom/etc/ssl/certs/httpd_cert.crt -pubkey -noout Initialization function create_https_cert failed! Traceback (most recent call last): File "/opt/phantom/bin/initialize.py", line 965, in initialize func() File "/opt/phantom/bin/initialize.py", line 334, in create_https_cert cert_tools.create_https_cert(group=group, force=force) File "pycommon3/phantom_common/cert_tools.py/cert_tools.py", line 123, in create_https_cert File "pycommon3/phantom_common/phproc.py/phproc.py", line 269, in run File "pycommon3/phantom_common/phproc.py/phproc.py", line 379, in __init__ File "/opt/phantom/usr/python39/lib/python3.9/subprocess.py", line 951, in __init__ self._execute_child(args, executable, preexec_fn, close_fds, File "/opt/phantom/usr/python39/lib/python3.9/subprocess.py", line 1821, in _execute_child raise child_exception_type(errno_num, err_msg, err_filename) FileNotFoundError: [Errno 2] No such file or directory: 'openssl' Done. I installed openssl and I was able to complete the installation.

This is a known issue in versions before 6.2, where it is fixed. Until you're able to upgrade, you have a couple of options: Ctrl+A on the output so the output is all highlighted Change to light theme Click your username in the upper right Account Settings Change Them to Light Theme

I got the same error when sslPassword was wrong for a particular outputs.conf entry.   I determined even if you disable cert validation sslCertPath, sslPassword, and sslRootCAPath must all point at valid files, and they weren't inherited from a higher level so they must be set if the remote host is ssl.   You can check if they are set elsewhere you can copy and paste into your config by using $SPLUNK_HOME/bin/splunk btool outputs list --debug

@yuanliu Let's assume for example in my data I'm having loction sites - AB,AC,AD,AF. I want new location that is AM. Where AM location should be the combination of (AB,AC,AD,AF) Like this i need: I tried this query as you mentioned earlier, but it doesn't work.