
Tabulate the list of folders under a directory for all hosts?

Contributor

I have many directories of the below pattern in a set of hosts:
/opt/ab/admin/abdc/apache/main.logs
/opt/ab/admin/xyzz/apache/main.logs

I want to tabulate all the folder names, i.e. the 4th sub-dir, in a host like below:

host  foldername
A     abcd
      xyzz
B     abcd
      pqrs
      xyzz

Is there any way I can achieve this in Splunk?

I tried to execute a shell script that just lists these folder names, and this is available in the events as shown in the attached screenshot. But I'm not sure how I can tabulate them for the host.

Kindly provide suggestions.


Re: Tabulate the list of folders under a directory for all hosts?

Legend

@sarnagar, if your script is adding multi-valued folder names per host as raw data, you can just table host and `_raw`, i.e.

<YourBaseSearch>
| table host _raw

Ideally, if you have set up monitoring of your log files under a specific folder, the folder structure should be displayed as source, which is an inputs.conf setting (https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectorieswithinputs.conf#M...). Then all you would need to do in Splunk is use the split() and mvindex() evaluation functions to extract the required directory name.




| eval message="Happy Splunking!!!"
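The split()/mvindex() approach from the reply above, as an added example that is not part of the original post. It builds constructed sample events with `makeresults` (the `constructed_sample` field and its host/path pairs are made up from the question's path pattern) and assumes the folder of interest is always the third path segment from the end, which is why it uses a negative index instead of counting from the leading slash.

```spl
| makeresults
| eval constructed_sample=split("A|/opt/ab/admin/abcd/apache/main.logs;A|/opt/ab/admin/xyzz/apache/main.logs;B|/opt/ab/admin/abcd/apache/main.logs;B|/opt/ab/admin/pqrs/apache/main.logs;B|/opt/ab/admin/xyzz/apache/main.logs", ";")
| mvexpand constructed_sample
| eval host=mvindex(split(constructed_sample, "|"), 0), source=mvindex(split(constructed_sample, "|"), 1)
| eval foldername=mvindex(split(source, "/"), -3)
| stats values(foldername) as foldername by host
```

Against real monitored files, only the last two lines are needed after the base search, since `host` and `source` are already set on each event.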



Re: Tabulate the list of folders under a directory for all hosts?

Contributor

Hi @niketnilay,

When I export the results I don't get all the folders for the host. Only the first folder for any host is present.

Why does this happen? Kindly help.


Re: Tabulate the list of folders under a directory for all hosts?

SplunkTrust

Try this

your current search getting events from output of shell script
| rex max_match=0 "(?<foldername>\w+)"
| table host foldername


Re: Tabulate the list of folders under a directory for all hosts?

Contributor

Hi @somesoni2,

When I export the results I don't get all the folders for the host. Only the first folder for any host is present.

Why does this happen? Kindly help.
