Solved: Get App Name/Folder Name using Search

askkawalkar · ‎08-04-2020

Hi All,

I am stuck at a scenario where if user using search in a specific app, then that app folders name should be shown as a filed.

Is there any way to get current app name using REST or METADATA or any other command ?

Thanks.

thambisetty · ‎08-04-2020

index=_internal
| stats count
| appendcols
[| rest /services/search/jobs splunk_server=local
| addinfo
| where sid = info_sid
| rename eai:acl.app as app_name
| fields + app_name]

upvote if this resolves your issue.

————————————
If this helps, give a like below.

View solution in original post

thambisetty · ‎08-04-2020

index=_internal
| stats count
| appendcols
[| rest /services/search/jobs splunk_server=local
| addinfo
| where sid = info_sid
| rename eai:acl.app as app_name
| fields + app_name]

upvote if this resolves your issue.

————————————
If this helps, give a like below.

Get App Name/Folder Name using Search

fields

metadata

search job inspector

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation