Smart AnSwerS #53

Hey there, community, and welcome to the 53rd installment of Smart AnSwerS.

With Super Bowl 50 madness phasing out this week, our rescheduled San Francisco Bay Area User Group meeting is a go for tonight at Splunk HQ! Splunker Erik Cambra will be giving a talk on how Splunk splunks…(drum roll)…Splunk! If you happen to be in the area, come on by! If you can’t grace us with your presence because you’re miles away, then be sure to check out the Splunk User Groups site to find an upcoming meeting near you :)

Check out this week’s featured Splunk Answers posts:

Why am I getting inconsistent event counts when using wildcard characters to match event field values?

splunkIT was getting different event counts depending on where the wildcard sat in a searched extracted field value and wanted to know whether this was a limitation or a bug. woodcock pointed to a Splunk blog post whose fix is setting INDEXED_VALUE = false for the field in fields.conf, with the caveat that this can slow searches down, since Splunk can no longer use the searched value as an indexed term to narrow the search before the field extraction runs. cpride then gave a very informative overview of how raw event text is broken into indexed terms by the major and minor breakers configured in segmenters.conf, and demonstrated why a wildcard placed in different parts of the searched value matches different sets of those terms, and therefore different numbers of events.

What is the easiest way to send an alert when another alert’s trigger condition has cleared?

This topic has come up on Answers several times, so this helpful question and answer by jwelsh serves as a good reference for users who have been searching high and low. It shows how to query the _internal index for the last time the original alert fired, so the "cleared" alert only triggers once the condition has actually gone away and does not overlap with the alert it follows.
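As an added illustration (not jwelsh's own search, which this digest does not reproduce), here is one way to build that check in SPL. It assumes a hypothetical alert named "Disk Space Critical", a "cleared" alert that runs this search on a five-minute cron schedule, and the savedsearch_name, status and alert_actions fields that Splunk's scheduler writes to index=_internal; the comment macro needs a Splunk version that ships it (6.5 or later), so drop those lines on older versions. Verify the field names against your own scheduler events before relying on them.

```spl
`comment("Added example, not from the original post. Find the last time the hypothetical alert Disk Space Critical fired, from the scheduler events Splunk writes to the _internal index.")`
index=_internal sourcetype=scheduler savedsearch_name="Disk Space Critical" status=success alert_actions!="" earliest=-7d
| stats max(_time) AS last_fired
`comment("How long the original trigger has been clear, in whole minutes.")`
| eval minutes_since=round((now()-last_fired)/60, 0)
`comment("Fire once per clearing: with a 5-minute schedule, exactly one run lands in the 15 to 20 minute window.")`
| where minutes_since >= 15 AND minutes_since < 20
```

The upper bound on minutes_since is what stops the cleared alert from re-firing on every subsequent run; without it you would trade one overlapping alert for a stream of repeated "cleared" notifications. Widen the window if the cleared alert runs less often than every five minutes, and tighten the base search (for example, by app or user) if more than one saved search shares the name.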

How do I sum the counts of all the similar values in a field to show as a single item?

praneethkodali had a search that was producing a list of values and counts for a field, but needed to change it so that the counts of similar values in the list were summed together. With the powers of regular expressions and eval combined, aljohnson (with some mutual help from praneethkodali) shows how to map the variant spellings onto a single uniform value and then sum the counts for that value to get the desired result.
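The pattern, as an added example rather than the search from the thread (which this digest does not quote): the sample values below are constructed with makeresults, the status field and its spellings are assumptions, and the comment macro again needs Splunk 6.5 or later.

```spl
`comment("Added example, not the original search. Constructed sample input: variant spellings of two statuses.")`
| makeresults
| eval status=split("error-001,ERROR_001,Error 001,error-001,timeout,TIMEOUT,Time Out", ",")
| mvexpand status
`comment("This is what the original search produced: one row per distinct spelling.")`
| stats count BY status
`comment("Map each spelling onto one canonical value with case-insensitive regexes; unmatched values pass through unchanged.")`
| eval status_norm=case(match(status, "(?i)^error[-_ ]?001$"), "error-001", match(status, "(?i)^time ?out$"), "timeout", true(), status)
`comment("Sum the per-spelling counts for each canonical value.")`
| stats sum(count) AS count BY status_norm
```

Using case() with match() rather than a blanket replace() keeps the mapping explicit: each regex names the variants it is meant to absorb, and the true() fallback makes anything that slips past every pattern visible as its own row instead of silently vanishing. In a real search, replace the makeresults block with the original base search and the first stats with the one that was already producing the per-value counts.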

Thanks for reading!

Missed out on the first fifty-two Smart AnSwerS blog posts? Check ‘em out here!

Posted by Patrick Pablo