All Posts

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

All Posts

Re: How do i get the sum of data from the latest timestamp

by in All Apps and Add-ons
‎10-30-2023 08:37 AM
‎10-30-2023 08:37 AM
So I think i got what i needed: | stats sum(Size of data storage) by _time, "data storage name" Adding Bin added a layer of unnecessary  sum of the values. I tried a | bin span=12h _time . Also... See more...
So I think i got what i needed: | stats sum(Size of data storage) by _time, "data storage name" Adding Bin added a layer of unnecessary  sum of the values. I tried a | bin span=12h _time . Also, I was not able to get the visual correctly with the differentiated colors, had to use the trellis option, and that helped split my graph into 2 different graphs. For now, i can make due with that. But in theory, it should've split it in to different colors on the column chart, one for each data storage.

How tstats is working when some data model acceleration summaries in indexer cluster is missing

by in Splunk Search
‎10-30-2023 08:32 AM
‎10-30-2023 08:32 AM
Hello, by default, DMA summaries are not replicated between nodes in indexer cluster (for warm and cold buckets). I wonder how command tstats with summariesonly=true behaves in case of failing one n... See more...
Hello, by default, DMA summaries are not replicated between nodes in indexer cluster (for warm and cold buckets). I wonder how command tstats with summariesonly=true behaves in case of failing one node in cluster. Imagine, I have 3-nodes, single-site IDX cluster in deafult setting. What happened, when one node fails (so summaries on that node are not available) and I run search using "|tstats summariesonly=true..." on this cluster? If search spans data from primary warm or cold buckets on failed node, will I get incomplete data, right? (I think so, because appropriate summaries are missing). And if so, will I get any error message on search page? And how it change in case of multi-site cluster? I assume in case of failing one node, I should get complete data, becuase AFAIK in multi-site cluster every site has primary copy of bucket with DMA summaries. Is it right or not? I need this info because of one project I am working on. Thank you for answers. Best regards Lukas Mecir
Labels

Re: How to find the difference of two stats count

by in Splunk Search
‎10-30-2023 08:29 AM
‎10-30-2023 08:29 AM
index=US_WHCRM_int   sourcetype="bmw-crm-wh-xl-cms-int-api" ("*Element*: bmw-cm-wh-xl-cms-contractWithCustomers-flow/processors/2/processors/0 @ bmw-crm-wh-xl-cms-int-api:bmw-crm-wh-xl-cms-api-impl/b... See more...
index=US_WHCRM_int   sourcetype="bmw-crm-wh-xl-cms-int-api" ("*Element*: bmw-cm-wh-xl-cms-contractWithCustomers-flow/processors/2/processors/0 @ bmw-crm-wh-xl-cms-int-api:bmw-crm-wh-xl-cms-api-impl/bmw-cm-wh-xl-cms-contractWithCustomers*") OR "*flow started put*contractWithCustomers" OR "*flow started put*customers:application*" OR "ERROR Message" OR "flow started put*contracts:application*" | rex field=message "(?<json_ext>\{[\w\W]*\})" | rex field=message "put:\\\\(?<Entity>[^:]+)" | rename attributes{}.value.details as details | rename properties.correlationId as correlationId | table _time properties.* message json_ext details Entity | spath input=json_ext | stats count as Entity | append     [ search index=US_WHCRM_int (sourcetype="bmw-crm-wh-xl-cms-int-api" severity=INFO ("*Element*: bmw-cm-wh-xl-cms-contractWithCustomers-flow/processors/2/processors/0 @ bmw-crm-wh-xl-cms-int-api:bmw-crm-wh-xl-cms-api-impl/bmw-cm-wh-xl-cms-contractWithCustomers*") OR "*flow started put*contractWithCustomers" OR "*flow started put*customers:application*" OR "ERROR Message" OR "flow started put*contracts:application*") OR (sourcetype="bmw-crm-wh-xl-cms-int-api" severity=ERROR "Error Message") | rex field=message "(?<json_ext>\{[\w\W]*\})" | rex field=message "put:\\\\(?<Entity>[^:]+)" | rename attributes{}.value.details as details | rename properties.correlationId as correlationId | table _time properties.* message json_ext details Entity | spath input=json_ext | stats count by title | fields count] | stats values(Entity) as Entity values(title) as title | eval success=title-Entity I am using this query but not getting the correct count please help me with this. Or there is any other option to find the difference between those two counts.

Re: Splkunk_SA_CIM not accesible and linking to another TA

by SplunkTrust in Splunk Enterprise
‎10-30-2023 08:22 AM
‎10-30-2023 08:22 AM
OK. First question - how did you install the CIM add-on?

Re: How to remove special characters from field values

by SplunkTrust in Splunk Cloud Platform
‎10-30-2023 08:19 AM
‎10-30-2023 08:19 AM
There might be a better idea, but for example - like this (run-anywhere example). | makeresults | eval test="qa (qa_a_ai_bi1_integra.tio-n_d01)" | table test | rex mode=sed field=test "s/[^-A-Za... See more...
There might be a better idea, but for example - like this (run-anywhere example). | makeresults | eval test="qa (qa_a_ai_bi1_integra.tio-n_d01)" | table test | rex mode=sed field=test "s/[^-A-Za-z0-9.]//g"  

Re: Pass values in splunk search and compare it with results

by SplunkTrust in Splunk Search
‎10-30-2023 08:15 AM
‎10-30-2023 08:15 AM
I would also advise to externalise the conifg (the list of wanted  containers) from the search itself. So I'd simply create a lookup (let's call it containers.csv) with just one column called "name"... See more...
I would also advise to externalise the conifg (the list of wanted  containers) from the search itself. So I'd simply create a lookup (let's call it containers.csv) with just one column called "name" containing all the containers you expect and then do   index=* Initialised xxxxxxxxxxxx xxxxxx|rex "\{consumerName\=\'(MY REGEX)"|chart count AS Connections by name | append [| inputlookup containers.csv ] | stats count by name | where count < 2    This way if your list of containers changes it's easy to just update the lookup instead of rewriting the search.

Re: Splunk integartion with Flat file

by SplunkTrust in Monitoring Splunk
‎10-30-2023 08:11 AM
‎10-30-2023 08:11 AM
OK. First things first. 1) Do you have _anything_ ingested from this forwarder? Check your _internal index for any logs coming from this UF 2) If you didn't specify a destination index, the forward... See more...
OK. First things first. 1) Do you have _anything_ ingested from this forwarder? Check your _internal index for any logs coming from this UF 2) If you didn't specify a destination index, the forwarder will be trying to send the data to the default "main" index - it's not the best idea. 3) Check the output of splunk list inputstatus and splunk list monitor And verify if that file is being read by your forwarder

Re: How to remove special characters from field values

by SplunkTrust in Splunk Cloud Platform
‎10-30-2023 08:06 AM
‎10-30-2023 08:06 AM
Try something like this   | rex mode=sed field=Test "s/[^0-9a-zA-Z\.\-]//g" | eval Test=lower(Test)  

Re: How to find the difference of two stats count

by SplunkTrust in Splunk Search
‎10-30-2023 08:03 AM
‎10-30-2023 08:03 AM
Depending on the size of your searches, you could try this <search A> | stats count as total | append [search <search B> | stats count as error] | stats values(total) as total, values(error... See more...
Depending on the size of your searches, you could try this <search A> | stats count as total | append [search <search B> | stats count as error] | stats values(total) as total, values(error) as error | eval difference=total - error

Re: How to find the difference of two stats count

by SplunkTrust in Splunk Search
‎10-30-2023 07:58 AM
‎10-30-2023 07:58 AM
Again, your requirement is a bit unclear. While there is a possibility of use eventstats in general case as @ITWhisperer showed, the command might be quite resource-intensive, especially over a big d... See more...
Again, your requirement is a bit unclear. While there is a possibility of use eventstats in general case as @ITWhisperer showed, the command might be quite resource-intensive, especially over a big data set so you might want to rethink what you really need because sometimes it's better to calculate some partial sums and creatively aggregate them to get what you need - this approach may in many cases prove to be way way more efficient.

Re: Configure Splunk to get the aide log file

by in Getting Data In
‎10-30-2023 07:54 AM
‎10-30-2023 07:54 AM
Still trying to get the right configuration to read the aide.log file, this is what I have written in the inputs.conf file. [aide] SHOULD_LINEMERGE = true NO_BINARY_CHECK = true TIME_PREFIX = Mtime... See more...
Still trying to get the right configuration to read the aide.log file, this is what I have written in the inputs.conf file. [aide] SHOULD_LINEMERGE = true NO_BINARY_CHECK = true TIME_PREFIX = Mtime\s{4}:\s\d{4,}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}\s{14},\s BREAK_ONLY_BEFORE = ((File:|Directory:)) CHARSET = UTF-8 EXTRACT-mtime = (Mtime\s{4}:\s\d{4,}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}\s{14},\s(?\d{4,}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})) EXTRACT-ctime = (Ctime\s{4}:\s(?\d{4,}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})) EXTRACT-file = File:\s(?P[\/]{1,}(\w|.)+) EXTRACT-directory = Directory:\s(?P[\/]{1,}(\w|.)+)

Re: Does stats values command combine unique values?

by SplunkTrust in Splunk Search
‎10-30-2023 07:52 AM
1 Karma
‎10-30-2023 07:52 AM
1 Karma
Hi @LearningGuy , sorry "it runs" I meant that I cannot test your search because if I take the values from your page it runs You have to try to use nomv and mvexpand. Ciao. Giuseppe

Re: Does stats values command combine unique values?

by SplunkTrust in Splunk Search
‎10-30-2023 07:51 AM
1 Karma
‎10-30-2023 07:51 AM
1 Karma
You're again digging into the issue we're tackling in this thread: https://community.splunk.com/t5/Reporting/summary-index-merges-multiple-line-values-into-one-row/m-p/666626#M12263 Due to how mult... See more...
You're again digging into the issue we're tackling in this thread: https://community.splunk.com/t5/Reporting/summary-index-merges-multiple-line-values-into-one-row/m-p/666626#M12263 Due to how multivalued fields are "flattened" when collected to a stash sourcetype, your summarized events really do have the values of "companyA companyA" and "companyB companyB companyB".  

Re: Does stats values command combine unique values?

by in Splunk Search
‎10-30-2023 07:42 AM
‎10-30-2023 07:42 AM
Hi @gcusello , What do you mean by "iy runs using values from a text page"? So, values won't work if "\" gets merged into one line and I should use mvexpand to fix this? Any idea on the root... See more...
Hi @gcusello , What do you mean by "iy runs using values from a text page"? So, values won't work if "\" gets merged into one line and I should use mvexpand to fix this? Any idea on the root cause why it happened after summary index? Thanks

Re: How to find the difference of two stats count

by in Splunk Search
‎10-30-2023 07:38 AM
‎10-30-2023 07:38 AM
How should I join both two queries.

Re: use * in floor

by SplunkTrust in Splunk Search
‎10-30-2023 07:35 AM
‎10-30-2023 07:35 AM
Have your dynamic search return two fields, one with the float in as the label field, and the other with a string of the where command.

Re: How to find the difference of two stats count

by SplunkTrust in Splunk Search
‎10-30-2023 07:33 AM
‎10-30-2023 07:33 AM
| eventstats count as total | stats count as error values(total) as total | eval difference=total-error

Re: Check current date against lookup

by in Splunk Search
‎10-30-2023 07:19 AM
‎10-30-2023 07:19 AM
For those who don't like the idea of a lookup file, due to maintenance,  I created a SQL query, which will calculate the date values (see below). NOTE:  This SQL is written for Oracle, and may need ... See more...
For those who don't like the idea of a lookup file, due to maintenance,  I created a SQL query, which will calculate the date values (see below). NOTE:  This SQL is written for Oracle, and may need to be modified for your purposes.   select Holiday /* CALCULATE HOLIDAY VALUES ... RAW *********************************** */ ,to_char(date_val,'dd-Mon-yyyy') date_val ,to_char(date_val,'Dy') day_val /* CALCULATE FEDERAL HOLIDAY VALUES (IF SHIFTED TO ANOTHER DAY) ******* */ ,case when to_char(date_val, 'Dy') in ('Sat') then 'prev day' when to_char(date_val, 'Dy') in ('Sun') then 'next day' else '' end as fed_calc ,case when to_char(date_val, 'Dy') in ('Sat') then date_val-1 when to_char(date_val, 'Dy') in ('Sun') then date_val+1 else date_val end as fed_recog_date ,case when to_char(date_val, 'Dy') in ('Sat') then to_char(date_val-1,'Dy') when to_char(date_val, 'Dy') in ('Sun') then to_char(date_val+1,'Dy') else to_char(date_val, 'Dy') end as fed_recog_day from (/* CURRENT YEAR -2 ******************************************************************************************************************** */ SELECT 'New Years' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*-2),'YYYY'), 0) + 0 as date_val FROM DUAL union SELECT 'M.L.K Jr.' as Holiday, NEXT_DAY( TRUNC(sysdate+(365*-2),'YYYY') - 1,'MONDAY') +14 as date_val FROM DUAL union SELECT 'President''s' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*-2),'YYYY'), 1)- 1,'MONDAY') +14 as date_val FROM DUAL union SELECT 'Memorial' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*-2),'YYYY'), 5)- 1,'MONDAY') - 7 as date_val FROM DUAL union SELECT 'Juneteenth' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*-2),'YYYY'), 5)+18 as date_val FROM DUAL where sysdate+(365*-2) > '01-JAN-2022' union SELECT 'Independence' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*-2),'YYYY'), 6) + 3 as date_val FROM DUAL union SELECT 'Labor' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*-2),'YYYY'), 8)- 1,'MONDAY') as date_val FROM DUAL union SELECT 'Columbus' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*-2),'YYYY'), 9)- 1,'MONDAY') + 7 as date_val FROM DUAL union SELECT 'Veterans' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*-2),'YYYY'),10) +10 as date_val FROM DUAL union SELECT 'Thanksgiving' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*-2),'YYYY'),10)- 1,'THURSDAY') +21 as date_val FROM DUAL union SELECT 'Christmas' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*-2),'YYYY'),11) +24 as date_val FROM DUAL union /* CURRENT YEAR -1 ******************************************************************************************************************** */ SELECT 'New Years' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*-1),'YYYY'), 0) + 0 as date_val FROM DUAL union SELECT 'M.L.K Jr.' as Holiday, NEXT_DAY( TRUNC(sysdate+(365*-1),'YYYY') - 1,'MONDAY') +14 as date_val FROM DUAL union SELECT 'President''s' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*-1),'YYYY'), 1)- 1,'MONDAY') +14 as date_val FROM DUAL union SELECT 'Memorial' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*-1),'YYYY'), 5)- 1,'MONDAY') - 7 as date_val FROM DUAL union SELECT 'Juneteenth' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*-1),'YYYY'), 5)+18 as date_val FROM DUAL where sysdate+(365*-1) > '01-JAN-2022' union SELECT 'Independence' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*-1),'YYYY'), 6) + 3 as date_val FROM DUAL union SELECT 'Labor' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*-1),'YYYY'), 8)- 1,'MONDAY') as date_val FROM DUAL union SELECT 'Columbus' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*-1),'YYYY'), 9)- 1,'MONDAY') + 7 as date_val FROM DUAL union SELECT 'Veterans' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*-1),'YYYY'),10) +10 as date_val FROM DUAL union SELECT 'Thanksgiving' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*-1),'YYYY'),10)- 1,'THURSDAY') +21 as date_val FROM DUAL union SELECT 'Christmas' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*-1),'YYYY'),11) +24 as date_val FROM DUAL union /* CURRENT YEAR -0 ******************************************************************************************************************** */ SELECT 'New Years' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365* 0),'YYYY'), 0) + 0 as date_val FROM DUAL union SELECT 'M.L.K Jr.' as Holiday, NEXT_DAY( TRUNC(sysdate+(365* 0),'YYYY') - 1,'MONDAY') +14 as date_val FROM DUAL union SELECT 'President''s' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365* 0),'YYYY'), 1)- 1,'MONDAY') +14 as date_val FROM DUAL union SELECT 'Memorial' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365* 0),'YYYY'), 5)- 1,'MONDAY') - 7 as date_val FROM DUAL union SELECT 'Juneteenth' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365* 0),'YYYY'), 5)+18 as date_val FROM DUAL where sysdate+(365* 0) > '01-JAN-2022' union SELECT 'Independence' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365* 0),'YYYY'), 6) + 3 as date_val FROM DUAL union SELECT 'Labor' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365* 0),'YYYY'), 8)- 1,'MONDAY') as date_val FROM DUAL union SELECT 'Columbus' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365* 0),'YYYY'), 9)- 1,'MONDAY') + 7 as date_val FROM DUAL union SELECT 'Veterans' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365* 0),'YYYY'),10) +10 as date_val FROM DUAL union SELECT 'Thanksgiving' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365* 0),'YYYY'),10)- 1,'THURSDAY') +21 as date_val FROM DUAL union SELECT 'Christmas' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365* 0),'YYYY'),11) +24 as date_val FROM DUAL union /* CURRENT YEAR +1 ******************************************************************************************************************** */ SELECT 'New Years' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*+1),'YYYY'), 0) + 0 as date_val FROM DUAL union SELECT 'M.L.K Jr.' as Holiday, NEXT_DAY( TRUNC(sysdate+(365*+1),'YYYY') - 1,'MONDAY') +14 as date_val FROM DUAL union SELECT 'President''s' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*+1),'YYYY'), 1)- 1,'MONDAY') +14 as date_val FROM DUAL union SELECT 'Memorial' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*+1),'YYYY'), 5)- 1,'MONDAY') - 7 as date_val FROM DUAL union SELECT 'Juneteenth' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*+1),'YYYY'), 5)+18 as date_val FROM DUAL where sysdate+(365*+1) > '01-JAN-2022' union SELECT 'Independence' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*+1),'YYYY'), 6) + 3 as date_val FROM DUAL union SELECT 'Labor' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*+1),'YYYY'), 8)- 1,'MONDAY') as date_val FROM DUAL union SELECT 'Columbus' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*+1),'YYYY'), 9)- 1,'MONDAY') + 7 as date_val FROM DUAL union SELECT 'Veterans' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*+1),'YYYY'),10) +10 as date_val FROM DUAL union SELECT 'Thanksgiving' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*+1),'YYYY'),10)- 1,'THURSDAY') +21 as date_val FROM DUAL union SELECT 'Christmas' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*+1),'YYYY'),11) +24 as date_val FROM DUAL union /* CURRENT YEAR +2 ******************************************************************************************************************** */ SELECT 'New Years' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*+2),'YYYY'), 0) + 0 as date_val FROM DUAL union SELECT 'M.L.K Jr.' as Holiday, NEXT_DAY( TRUNC(sysdate+(365*+2),'YYYY') - 1,'MONDAY') +14 as date_val FROM DUAL union SELECT 'President''s' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*+2),'YYYY'), 1)- 1,'MONDAY') +14 as date_val FROM DUAL union SELECT 'Memorial' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*+2),'YYYY'), 5)- 1,'MONDAY') - 7 as date_val FROM DUAL union SELECT 'Juneteenth' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*+2),'YYYY'), 5)+18 as date_val FROM DUAL where sysdate+(365*+2) > '01-JAN-2022' union SELECT 'Independence' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*+2),'YYYY'), 6) + 3 as date_val FROM DUAL union SELECT 'Labor' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*+2),'YYYY'), 8)- 1,'MONDAY') as date_val FROM DUAL union SELECT 'Columbus' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*+2),'YYYY'), 9)- 1,'MONDAY') + 7 as date_val FROM DUAL union SELECT 'Veterans' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*+2),'YYYY'),10) +10 as date_val FROM DUAL union SELECT 'Thanksgiving' as Holiday, NEXT_DAY(ADD_MONTHS(TRUNC(sysdate+(365*+2),'YYYY'),10)- 1,'THURSDAY') +21 as date_val FROM DUAL union SELECT 'Christmas' as Holiday, ADD_MONTHS(TRUNC(sysdate+(365*+2),'YYYY'),11) +24 as date_val FROM DUAL ) calc order by date_val

Re: Does stats values command combine unique values?

by SplunkTrust in Splunk Search
‎10-30-2023 07:18 AM
1 Karma
‎10-30-2023 07:18 AM
1 Karma
Hi @LearningGuy , you should try to use mvexpand and nomv commands. I cannot test because iy runs using values from a text page. Ciao. Giuseppe

How to remove special characters from field values

by in Splunk Cloud Platform
‎10-30-2023 07:18 AM
‎10-30-2023 07:18 AM
Hi Splunkers,    1) I wanted to remove all special characters from my field called "Test" other than "."(dot) and "-"(dash) 2) return the values in lower case. example field values for Test i4... See more...
Hi Splunkers,    1) I wanted to remove all special characters from my field called "Test" other than "."(dot) and "-"(dash) 2) return the values in lower case. example field values for Test i4455.mango.com qa (qa_a_ai_bi1_integration_d01) app-9999-bee-mysql-prod   please help
Labels