I have many directories of the below pattern in a set of hosts:
I want to tabulate all the foldernames i.e the 4th sub-dir in a host like below:
Is there any way I can achieve this in Splunk?
Kindly provide suggestions
@ sarnagar, If your script is adding multi-valued folder names per host as _raw data, you can just
<YourBaseSearch> | table host _raw
Ideally if you have setup monitoring your your log files under specific folder the folder structure should be displayed as
source, which is a
inputs.conf setting (https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectorieswithinputs.conf#M...). Then all you would need to do in Splunk is use
mvindex() evaluation functions to extract required directory name.
HI @niketnilay ,
When I export the results I dont get all the folders for the host. Only the first folder for any host is present.
Why does this happen? KindLy help.