I have this search query which will return a single row of data- index=xyz | search accountID="1234" instanceName="abcd1" | table curr_x, curr_y, curr_z, op1_x, op1_x, op1_z, op2_x, op2_y, op2_z, op3_x, op3_y, op3_z | fields - accouintID, instanceName and I want to display the resultant row of data in a matrix format like - Option x y z current curr_x curr_y curr_z option_1 op1_x op1_x op1_z option_2 op2_x op2_y op2_z option_3 op3_x op3_y op3_z Please note: Field names are indicative, actual values of the respective fields to be displayed. Assumption : There will always be only one row for a selected accountID and instanceName   Can someone please help me by letting know how this can be achieved?

I am investigating how to have a continuous build process for our Splunk addon and I saw that there are 3 options: slim -a cli tool that is a part of  Package apps with the Packaging Toolkit | Documentation | Splunk Developer Program AppInspect - a part of Validate quality of Splunk apps | Documentation | Splunk Developer Program Add-on Builder - Install the Add-on Builder - Splunk Documentation slim gave me very little output and it wasn't clear what sort of validations it was running. app-inspect is very configurable and provides rich output so I'm pretty happy with it. However, I got a recommendation to trust the Add-on Builder's validations. Unfortunately, apart from using some Selenium manipulations to touch the Splunk UI, I wasn't able to identify a way to automatically call it validation logic from an HTTP API or a cli. Finally, the output of AppInspect & the Add-on Builder differs - I'm currently checking why this is so. Perhaps the validations are completely different ... So my questions to the community are: 1. What is the best approach to validate a Splunk add-on? 2. How would you recommend automating at least the validation part of the process? Thank you so much in advance!

I have  messages like below in logs, I want to extract ErrorCode from Those messages, Here ErrorCode is CIS-46031 However there could be space right after ErrorCode or after ErrorCode:  msg: ErrorCode:CIS-46031,ErrorMessage:Some unknown error occurred in outage daemon request. Please check.,Error occurred in CIS domain events outage processing. msg: ErrorCode : CIS-46032,ErrorMessage:Some unknown error occurred in outage daemon request.  msg: ErrorCode :CIS-46033, ErrorMessage:Some unknown error occurred in outage daemon request.  How can we do the same in Splunk

Hi,   Is there a way to connect Splunk Connect for Kubernetes to HEC on Splunk Cloud instance through a HTTP(S) Proxy ?   Is it possible to use `environmentVar:` in values.yml file ? If yes, what are the variables and the format to use ?   Regards. Nicolas.

Dears I need an advice from experts who have past experience on splunk, Please do not advise for splunk professional services or Partner help,  How i can measure approximately the source device is generating how much number of data that i need to  ingest in splunk , there must be some way to assume till some extend for example a firewall will generate more logs than a windows server. Lets assume if i m ingesting a 300GB/day in splunk and i have 5  administrative users using search head then the highlighted below is good to follow. If i am adding Enterprise security module then the sizing changes,?? how much additional  data ingestion needs to be added and what is the math behind this ? thanks