Solved: Report on all values of fields.

tawollen · ‎01-26-2011

I am trying to get a list of all fields values in our splunk server, but not a table..

A table would work, except that each line is unique for all fields in the line.

I want something that just lists all fields

e.g. * | table host os user would give me

host1 windows user1
host1 windows user2
host1 windows user3 
host2 windows user1
host2 windows user2
host2 windows user4 (etc) giving 10,000+ results

What I am trying to get is a list that looks more like this:

host1 windows  user1  
host2 unix     user2
host3 as400    user3
host4          user4
host5
host6

this list should only list each host once, each OS once, each user once.

Searching through the docs, I didn't see anything that would work.

thanks

Ron_Naken · ‎02-10-2011

Have you tried:

... | stats values(host) values(os) values(user)

Maybe even dress it up a bit for aesthetics:

... | stats values(host) as host values(os) as os values(user) as user

Ron_Naken · ‎02-10-2011

Have you tried:

... | stats values(host) values(os) values(user)

Maybe even dress it up a bit for aesthetics:

... | stats values(host) as host values(os) as os values(user) as user

ftk · ‎01-26-2011

How about using dedup?

* | dedup host os user | table host os user

harshal_chakran · ‎01-05-2014

Even I have the same issue. Even after applying dedup, it shows the same table. Kindly help

tawollen · ‎01-26-2011

Nope. I still get what looks like example 1 above..

Report on all values of fields.