Splunk Tutorials: Splunk Commands Reference -

Splunk Tutorials: Splunk Commands Reference - splunk coalesce Using the splunk coalesce command can create a new field with information from both fields and can also insert a value if none exists splunk coalesce Double quotes make splunk think the value is a literal string, rather than a field Use single quotes in your coalesce instead, and you should

splunk coalesce The COALESCE function takes two or more compatible arguments and returns the first argument that is not null

coalesce synonyms Using the splunk coalesce command can create a new field with information from both fields and can also insert a value if none exists  Learn how to use the coalesce function in YARA-L to provide greater flexibility to your detection rule writing in Google SecOps Chronicle