
How can I arrange my search results folder by folder? (I am watching logs in different folders)

Engager

I would like to know how I can arrange my search results folder by folder. (I am watching logs in different folders.) Right now I only have mixed results from every log watched by Splunk.

0 Karma

Re: How can I arrange my search results folder by folder? (I am watching logs in different folders)

Legend

Hi jbosano,
What do you mean by folder by folder: divided by source folder?
If this is what you need, you could extract the path from the source and order the results by this field, e.g. for a Unix file system:

my_search
| rex field=source "(?<path>.*)\/(?<file>.*?)$"
| stats values(file) AS filename BY path

You can test this regex at https://regex101.com/r/DFHDzl/2

Bye.
Giuseppe

0 Karma
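
The regex from the reply above, checked offline against constructed `source` values and grouped the way `stats values(file) AS filename BY path` would group them. This is an added example, not part of the original thread. Python's `re` writes named groups as `(?P<name>...)`, and the sample paths and the `group_by_folder` helper are made up for illustration.

```python
import re
from collections import defaultdict

# Same pattern as the rex in the reply; only the named-group spelling differs
# because Python's re requires (?P<name>...).
SOURCE_RE = re.compile(r"(?P<path>.*)/(?P<file>.*?)$")

# Constructed sample values for the Splunk `source` field (not from the thread).
SAMPLE_SOURCES = [
    "/var/log/nginx/access.log",
    "/var/log/nginx/error.log",
    "/var/log/app1/app.log",
    "/opt/app2/logs/2024/app.log",
    "udp:514",                  # network input: no "/" in source
    r"C:\logs\app3\app.log",    # Windows path: backslashes only
]


def group_by_folder(sources):
    """Mimic `rex ... | stats values(file) AS filename BY path`.

    Returns (groups, unmatched). groups maps each extracted path to its sorted,
    de-duplicated file names. unmatched lists the sources the regex did not
    match; in Splunk such events get no `path` field, so `stats ... BY path`
    leaves them out of the table.
    """
    groups = defaultdict(set)
    unmatched = []
    for src in sources:
        m = SOURCE_RE.search(src)  # rex matches anywhere in the field, like search()
        if m is None:
            unmatched.append(src)
            continue
        # Greedy .* makes `path` run up to the LAST "/", so `file` is the basename.
        groups[m.group("path")].add(m.group("file"))
    return {p: sorted(f) for p, f in sorted(groups.items())}, unmatched


if __name__ == "__main__":
    groups, unmatched = group_by_folder(SAMPLE_SOURCES)
    for path, files in groups.items():
        print(f"{path}: {files}")
    print("no path extracted:", unmatched)
```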