Splunk Enterprise Security

Is there a way to efficiently list all fields by Sourcetype and field?

tadecleid
New Member

I found a similar post that did not quite fit the bill of what I am trying to do.

I want to be able to create a link graph that shows a logical flow of all of our data from index>sourcetype>fields.

Issues I am running into:
| fieldsummary does not work with metadata and thus does not include the index or sourcetype.

| tstats search is only able to show index and sourcetype.

I figure there is a base search I need to set up to pull the initial sourcetypes to run fieldsummaries on, but I'm not sure how to string these techniques together or if something like this is even feasible without leaving a very heavy burden on the cluster.

I would like to make this a report that updates a lookup weekly so that the dashboard is referencing the lookup instead of running this search.

Thanks in advance for your time!

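One way to string these pieces together, as an added example rather than code from the poster: use tstats to enumerate the index/sourcetype pairs cheaply from the tsidx metadata, then use map to run fieldsummary once per pair and stamp each row with the index and sourcetype tokens before writing the result to a lookup. The lookup name index_sourcetype_fields.csv, the 7-day window, the 5000-event sample per sourcetype and the maxsearches cap are assumptions for illustration, not values from the original post.

```spl
| tstats count WHERE index=* earliest=-7d@d latest=@d BY index sourcetype
| where count > 0
| map search="search index=$index$ sourcetype=$sourcetype$ earliest=-7d@d latest=@d
    | head 5000
    | fieldsummary maxvals=5
    | eval index=\"$index$\", sourcetype=\"$sourcetype$\", last_updated=now()
    | table index sourcetype field count distinct_count values last_updated" maxsearches=500
| outputlookup index_sourcetype_fields.csv
```

Schedule this as a weekly report; the dashboard then runs only | inputlookup index_sourcetype_fields.csv | stats values(field) AS fields BY index sourcetype, which is what the index>sourcetype>fields link graph needs. Points to check before trusting the output: map launches one subsearch per tstats row, so the number of index/sourcetype pairs bounds the cost and maxsearches must be at least that number or pairs are silently dropped; the head sample keeps each subsearch light but can miss fields that only appear in rare events, so raise it for sourcetypes where coverage matters (for example the ones backing Enterprise Security correlation searches); and both tstats and the mapped searches only see indexes the running role can search, so run the report under an account with search access to every index you want inventoried, otherwise the lookup will quietly understate your data.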