×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Newbie_punk
New Member
Member since: ‎08-19-2023
‎08-19-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-19-2023
Activity Feed
Topics I've Started
View All

How to use IF....ELSE in Splunk

by in Splunk Search
‎08-19-2023 06:24 PM
‎08-19-2023 06:24 PM
Hello  I'm trying to figure out How can I use kinda if...else condition in my Splunk query. I've set up two metrics, which are sending data to Splunk. Each matrix have different index value.  For Example: For Matrix A the index is "index=aData" and for Metric B index is "index=bData". Currently in Splunk I'm seeing duplicate data because both metrics are sending same value. So what I'm trying to achieve is:  1. First look for data if coming from "index=aData" 2. If able to see data from index "aData" show me the results  3. else check the data from "bData" (Not looking for "OR " condition)  Results should show the data only from 1 index to avoid duplicity.    ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-19-2023 06:26 PM