I have many directories of the below pattern in a set of hosts:
I want to tabulate all the folder names, i.e. the 4th sub-dir, in a host like below:
Is there any way I can achieve this in Splunk?
Kindly provide suggestions.
@sarnagar, if your script is adding multi-valued folder names per host as raw data, you can just `table` host and `_raw`, i.e.
<YourBaseSearch> | table host _raw
Ideally, if you have set up monitoring of your log files under a specific folder, the folder structure should be displayed as source, which is an inputs.conf setting (https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectorieswithinputs.conf#M...). Then all you would need to do in Splunk is use mvindex() evaluation functions to extract the required directory name.
Hi @niketnilay,
When I export the results I don't get all the folders for the host. Only the first folder for any host is present.
Why does this happen? Kindly help.
<your current search getting events from output of shell script> | rex max_match=0 "(?<foldername>\w+)" | table host foldername