Hello,
Is there a way to combine the results for 2 different servers (DNS names) into a third field that becomes the 'combined' field? For example, a search returns the following:
Dest Action Total
Server1 Failure 10
Server2 Failure 20
How can I combine the results from Server 1 and Server 2 into a new field called Server3 (the combined field) to return the following:
Dest Action Total
Server3 Failure 30
The reason I ask is because Server1 and Server2 are really the same server. Server1 is the internal interface and Server2 is the external interface. However, these DNS names are treated as 2 different servers in Splunk and I'd like to combine the Totals that I'm tracking in my dashboards into a new "Server3" field. I hope this makes sense.
Thanks.