Hi all,
i have an log4j logs in that i have extracted the User names ...so now my field User has 79 user names what i need is i want a dropdown in that i want this 79 name to be in that list so that if i click any one of the name i want to see the log related to that Username
plz give an idea to proceed
thanks in advance,
poornima
Cool... enjoy splunking 🙂
thanks guys..
its working!!!!
searchtemplate>source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log" $username$|fields - _time </searchtemplate>
<![CDATA[source="C:\Users\20875\Desktop\pros-Tomcat-AMGDCPROSAPPP1.log"
| rex FIELD=_raw "User: (?
| stats count by User]]>
after run this code.i got the table as above with time field ..but i want to remove that
your search | fields - _time
please verify the attachment contains the ouput..
in that table i want to remove the _time coloumn alone
plz suggest the way
A quick Google for, "Splunk forms drop down" revealed;
http://docs.splunk.com/Documentation/Splunk/4.3/Developer/AddDropDowns
Let us know if you hit any specific problem or issue
hi ayn i found the answer for that..
i used choice value ...
thanks
Well, as you can see in the DOCS *hint*
...
<default> The default option to select.
If the default option cannot be found, the first option is selected.
Hi ayn,
I got the answer..but one small problem..
i have inserted the
stats values(User) returns just one event. That won't work. Study the link Drainy gave you. It clearly shows how all examples have one line per item in the dropdown.
I verifed the given link and i craeted the code as below
correct me if i went wrong in the above code