Hi, I have a huge set of data with different emails in it , I want to setup email alerts for few parameters. But the issue is I'm unable to group the events on email and send a email alert with the csv attachment of the results. Example:- abc@email has around 80 events in the table , I want to send only one alert to abc with all the 80 events in it as csv attachment. And there are around 85+ emails in my data , and they have to be grouped using only 1 spl and it should be used in alert. Note :- dont suggest $result.field$  or stats to group its not useful for me. Thank you ... View more

Hi, How can I combine a field value , if the other 3 field values are the same Ex:- If the field1 , field2 , field3 are same but the field4 is different and its creating a new row in my splunk table, I want to merge or combine the field4 values into one field value separated by commas if the field1 , field2 , field3 are same   ... View more

Hi, Im currently working on ingesting 8 csv files from a path using inputs.conf on a UF. And the data is getting ingested . The issue is these 8 csv files are overwritten daily by new data by a automation script so the data inside the csv file is changed daily.   I want to ingest the complete csv data daily into Splunk , but what I can see is only a small set of data is getting ingested but not the complete csv file data.   My inputs.conf is  [monitor://C:\file.csv] disabled = false sourcetype = xyz index = abcd crcSalt = <DATETIME>   Can someone please help me , whether Im using the correct input or not?   The ultimate requirement is to ingest the complete csv data from the 8 csv files daily into Splunk.   Thank you. ... View more

Hi ,   I have a requirement to create a software stack dashboard in Splunk , which shows all the details which are seen in task manager like shown in below. We have both windows and unix addon  installed and getting the logs.   Can someone please help me in creating a dashboard which shows all the details in a dashboard.   ... View more

Hi, I have ingested the qualys data using the Qualys TA addon and enabled the inputs to run once every 24 hours. Im ingesting the host detection and knowledge logs into Splunk. The requirement is to create a dashboard with multiple multiselect filters and do the enrichment from our database. But I found that the data in qualys is different from Splunk logs. And the inputs is ingesting only a certain amount of data.   My ask is I want to ingest complete data every time the inputs runs , so that I get accurate data and use it in dashboards. Please help me.   Regards, Dayal ... View more

Hi, We are using a Splunk hybrid environment , with Splunk HF on Splunk enterprise , indexers and search heads  on Splunk Cloud. I have installed and configured the Qualys TA addon on Splunk HF and ingesting the data to Splunk Cloud. But the Qualys apps are supported only on Splunk Enterprise and not Splunk Cloud. Is there a way to get the dashboards on Splunk Cloud? Can someone please help. ... View more

Hi,   I have ingested an csv file by creating an input on a windows server. But the challenge is the logs are not getting extracted as fields  I want the data to be extracted in fields. Can someone please help me in extracting all the fields from the log.   Thank you ... View more

Hi,   I have a excel file on a linux server at a particular path. I have created a input file to monitor this file , but Im not receiving any logs. Can anyone help me how to get that excel daily by creating  a input.conf  ... View more

Hi, I have enabled a email alert and its working fine. I want to add to add a URL link in email body , but its picking as normal text. Is there any way I can add the link to the email body? Thanks in advance   ... View more