I am trying to create a Dashboard that hold multiple table of WebSphere App Server configuration data.  The data I have looks like this: {"ObjectType ":"AppServer","Object":"HJn6server1","Order":"147","Env":"UAT","SectionName":"Transport chain: WCInboundDefaultSecure:Channel HTTP", "Attributes":{"discriminationWeight": "10","enableLogging": "FALSE","keepAlive": "TRUE","maxFieldSize": "32768","maxHeaders": "500","maxRequestMessageBodySize": "-1","maximumPersistentRequests": "100","name": "HTTP_4","persistentTimeout": "30","readTimeout": "60","useChannelAccessLoggingSettings": "FALSE","useChannelErrorLoggingSettings": "FALSE","useChannelFRCALoggingSettings": "FALSE","writeTimeout": "60"}} Where every event is a configuration section within an appserver where: ObjectType - AppServer Object - Name of Appserver (ex. "HJn6server1") Env - Environment. (ex. Test, UAT, PROD) SectionName - name within the appserver configuration that holds attributes. Attributes - configuration attributes for a SectionName I have been able to create one table per SectionName, but can't extend that to multiple sections.  I used the following code to make one table:  index = websphere_cct (Object= "HJn5server1" Env="Prod") OR (Object = "HJn7server3" Env="UAT") SectionName="Process Definition" Order [ search index=websphere_cct SectionName | dedup Order | table Order ] | fields - _* | fields Object Attributes.* SectionName | eval Object = ltrim(Object, " ") | rename Attributes.* AS * | table SectionName Object * | fillnull value="" | transpose column_name=Attribute header_field=Object | eval match = if('HJn5server1' == 'HJn7server3', "y", "n") Output:  Attribute HJn7server3 HJn5server1 match SectionName Process Definition Process Definition y IBM_HEAPDUMP_OUTOFMEMORY     y executableArguments [] [] y executableTarget com.ibm.ws.runtime.WsServer com.ibm.ws.runtime.WsServer y executableTargetKind JAVA_CLASS JAVA_CLASS y startCommandArgs [] [] y stopCommandArgs [] [] y terminateCommandArgs [] [] y workingDirectory ${USER_INSTALL_ROOT} ${USER_INSTALL_ROOT} y   What I would like to do is to create as many tables as there are SectionNames for a given comparison between two Objects. But I cannot figure out how to modify the code for allowing to have several tables in one dashboard for multiple SectionNames with their associated Attributes for two appservers in comparison.  Please help.   

I have a table in Database that I need to check every 30 minutes,starting from 7.00 AM in the morning. The first alert i.e. at 7.00 AM should send the entire table without any checking any conditions.  Next here I have a field from the table named ACTUAL_END_TIME. This column can have only any of the three values, first a timestamp in HH:MM:SS format, second a String In-Progress, and third is again a String NotYetStarted. I need to check this table every 30 mins, and only trigger the alert when all the rows of the column ACTUAL_END_TIME have only timestamp. NOTE: The alert should trigger only once per day. How do I setup this alert

Hi, I’m using splunk docker image with HEC to send log. I got Success message as the guideline. How could I query the log to see “hello world”, which was what I just sent?I tried a few search related curl commands but all of them just returns a very long xml. “hello world” is not in the response. Such as   curl -k -u admin:1234567Aa! https://localhost:8089/services/search/jobs -d "search *"  Could anyways share me a search curl command that can return "hello world" that I sent? I only have one record so I don't need complicated filtering.