I would like to know how I can arrange my search results folder by folder? (I am watching logs in different folders) and now I only have mixed results of all the logs watched by Splunk
Hi jbosano,
what do you mean with folder by folder: divided by source folder?
if this is what you need, you could extract the path from the source and order results by this field, e.g. for a unix file system
my_search
| rex field=source "(?<path>.*)\/(?<file>.*?)$"
| stats values(file) AS filename BY path
you can test this regex at https://regex101.com/r/DFHDzl/2
Bye.
Giuseppe
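The same split and grouping that the rex and stats commands above perform, written as a small Python script so it can be checked offline against a handful of constructed source paths. This is an added example, not part of Giuseppe's answer or of Splunk; it goes slightly beyond the answer by accepting both "/" and "\" as separators, and uses Python's `(?P<name>...)` group syntax in place of Splunk's `(?<name>...)`.

```python
import re
from collections import defaultdict

# Constructed sample values of the Splunk "source" field (not taken from the post).
SAMPLE_SOURCES = [
    "/var/log/app/web/access.log",
    "/var/log/app/web/error.log",
    "/var/log/app/db/postgres.log",
    "/var/log/auth.log",
    "/var/log/app/web/access.log",   # duplicate: values() keeps one copy
    "C:\\Logs\\app\\service.log",    # Windows-style path, handled by the widened separator
]

# Same idea as the rex in the answer: greedy "path" up to the last separator, "file" after it.
# Python's re needs (?P<name>...) where Splunk accepts (?<name>...).
SOURCE_RE = re.compile(r"(?P<path>.*)[/\\](?P<file>.*?)$")


def split_source(source):
    """Return (path, file) for a source value, or None when it has no separator."""
    m = SOURCE_RE.match(source)
    if not m:
        return None
    return m.group("path"), m.group("file")


def group_by_path(sources):
    """Mirror `| stats values(file) AS filename BY path`: distinct filenames per folder."""
    groups = defaultdict(set)
    for src in sources:
        parts = split_source(src)
        if parts is None:
            # A source with no separator gets no path field, so stats BY path drops it.
            continue
        path, filename = parts
        groups[path].add(filename)
    # Sort folders and filenames so the output is ordered folder by folder.
    return {path: sorted(files) for path, files in sorted(groups.items())}


if __name__ == "__main__":
    for path, files in group_by_path(SAMPLE_SOURCES).items():
        print(f"{path}: {', '.join(files)}")
```

Sources such as `WinEventLog:Security` that carry no directory separator produce no `path` field, which is also why they vanish from the `stats ... BY path` table in Splunk; add a `fillnull` or a second rex if you want them kept.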