Hello! If I have this: Letter Number A 1 A 2 A 3 B 1 B 2   is there a way to get this:   Letter Number A 1   2   3 B 1   2   so that the transition from one set of related rows to the next is clear?    

Hello, i'm trying to add values to an existing field but i'm running into a wall. I have a field name vector and another field name source, the pattern of the source field is XXX - YYY - ZZZ, i only want to keep the XXX part, so i've done     | eval temp = mvindex(split(source, " - "),0)     then i try to add these result to the vector field like this :     |eval vector = vector + temp     but it doesn't work.   Can you help me ?

Hello Community !  Is it possible to get a list of all the Indexes which are used in ITSI and all the related services to those indexes with a SPL ?  | REST /services/data/indexes | dedup title | sort title | table title     -  I found this to be helpful but it's not the answer which i'm looking for.  Thank you in advance ! 

Hello Experts,  I would need your help.  My Splunk Enterprise license is going to expire in the next 10 days but I have already installed a new license. Now I have two licenses in Splunk Enterprise. first will expire in the next 10 days and the second is the new one. Please guide me if my newly added license will automatically take over when the old license will expire after 10 days or do I need to remove the old license right away so that the newly added license can take place?    

 I have a field "facilityAlias" for which location can be changed in every api log file. I have to extract that field using Regex method. I have tried Regex statement but not getting expected result. Regex statement: rex field=_raw "facilityAlias\":\"(?<facility>.*)\"," expected result: Parc de Salut Mar Barcelona current result: Parc de Salut Mar Barcelona","systemName":"CMPSB   Sample Log file: sample log: 2023-01-02 23:36:58,521 [[MuleRuntime].uber.3869: [abcd-message-kdhskhdsk-api].Delete_msg_from_queue.BLOCKING @27fe0275] INFO  com.skdhksh.jsdhjshd.hsd.logging.internal.CustomLoggerOperations - {"environment":"stag36rcf_eu-env","applicationName":"abcd-message-kdhskhdsk-api","correlationId":"kshddhks-3o4u-jshd8-aksdbkadkahd","apiProcessingTime":347,"totalProcessingTime":740,"tracePoint":"END","logMessage":"{\n  \"url\": \"abcd\",\n  \"bucketName\": \"dipeus-data-store\",\n  \"s3versionID\": \"shdkshdkshdkshdkshdkshdkjshd\",\n  \"s3key\": \"ljdljdlajldj]dsdsd\ksdjksjdksjdksjdksjksjd\ksdjksjd\"\n}","txnMetadata":{"bundleId":"ahsdkhsdh-skjdhshdkshd-skdhshdks-skdhkshd","messageType":"abcd","messageSubType":"kdshdkshdks","facilityAlias":"Parc de Salut Mar Barcelona","systemName":"CMPSB","transactionStartTime":1672702617781,"relatesToPatientMerge":false,"inputPayload":"adhkjshdkshdkshdkshd"},"apiStartTime":"1672702618174"}

Hi all, I deal with a multi-value fields and try to provide a multiselect dropdown for users. Therefore, I use mvfind() in the setting for Token value(prefix) / Token value(Suffix). Token value(Prefix) = isnotnull(mvfind( HWid, " Token value(Suffix) = ")) It works well if I input one HW ID or many HW ID. However, I get trouble in inputing "all". I want to provide users all events by default but I am unable to find a way to do this by using mvfind(). It is similar as wildchar (all any values) to mvfind(). Is there any suggestion on how to provide all events on mvfind() ? Thank you so much! Jouman