Hello,

I am somewhat new to splunk but I am having issues creating a table for a search I am doing and I need assistance please.

Example log:

vip:vip_name_goes_here dns_response:0.008 http_code:200 time_total:0.523 url_effective:url_goes_here:80

Search query I am trying to execute:

index=* host=kjones* sourcetype="viphealth" | eval http_code="http_code:" | eval vip="vip:" | eval dns_response="dns_response:" | eval time_total="time_total:" | eval url_effective="url_effective" | table vip dns_response http_code time_total url_effective

I know its wrong but how do I evaluate the sources defined in the log above? I have the ability to change the output of the log to different interesting fields if needed. I just want a table that will give me stats of all logs for these type.

Example of how I want table to show:

vip dns_response http_code time_total url_effective
vip:vip_name_goes_here dns_response:0.008 http_code:200 time_total:0.523 url_effective:url_goes_here

Thanks for any help you can be.