Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to configure a search for metadata

jtpryan
New Member
‎11-13-2019 12:53 PM

I have a number of Jenkins jobs for which I would like to create a dashboard with search (pull downs, form fills). The searching would be on the metadata held within each job.

For example, one of the pieces of metadata is a filed the Jenkins user filled out called "squad name".

If I just search for one of the squad names I know are in there, SquadNameJimDoodle,
I get the following results:

build_number: 544
   build_url:job/Release_Candidate/job/docker-dist-load-test-deploy/job/test/job/jmeter-docker-test
   event_tag: build_report
   job_name: job/job/Release_Candidate/job/docker-dist-load-test-deploy/job/test/job/jmeter-docker-test/
   job_result: SUCCESS
   metadata: { [-]
     FUNCTIONAL_AREA: Digital
     JMX_FILE: Sample-Test-Plan/sendMessageTest.jmx
     REMOTE_BRANCH: EEOTS-5691-Update-PEPT-Template-with-Functional-Domain-Field
     REQUIRED_LGS: 1
     SQUAD_NAME: SquadNameJimDoodle
     STACK_NAME: Jimmystack
     TEST_REPO_BRANCH: Branch
     TEST_REPO_URL: https://test_repo
   }
   page_num: 1
   testsuite: { [+]
   }
   user: me

As you can see the metadata field SQUAD_NAME: is where the value SquadNameJimDoodle is held.

The other fields I need to search on are also in this "metadata" area. I can't figure out how to build the query to search on them.

Any help appreciated.

Jim

0 Karma
Reply

to4kawa
Ultra Champion
‎12-22-2019 04:59 PM 
| makeresults
| eval _raw="{\"build_number\": 544,
    \"build_url\":\"job/Release_Candidate/job/docker-dist-load-test-deploy/job/test/job/jmeter-docker-test\",
    \"event_tag\": \"build_report\",
    \"job_name\": \"job/job/Release_Candidate/job/docker-dist-load-test-deploy/job/test/job/jmeter-docker-test/\",
    \"job_result\": \"SUCCESS\",
    \"metadata\": { 
      \"FUNCTIONAL_AREA\": \"Digital\",
      \"JMX_FILE\": \"Sample-Test-Plan/sendMessageTest.jmx\",
      \"REMOTE_BRANCH\": \"EEOTS-5691-Update-PEPT-Template-with-Functional-Domain-Field\",
      \"REQUIRED_LGS\": 1,
      \"SQUAD_NAME\": \"SquadNameJimDoodle\",
      \"STACK_NAME\": \"Jimmystack\",
      \"TEST_REPO_BRANCH\": \"Branch\",
      \"TEST_REPO_URL\": \"https://test_repo\"},
    \"page_num\": 1,
    \"testsuite\": { 
    },
    \"user\": \"me\"}}"
    | spath path=metadata output=metadata
    | table metadata
    | spath input=metadata

Hi, @jtpryan
How about this?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...