Search for a value in a set of results, then indic...

Splunk Search

I have a somewhat complicated search whose results I present in a dashboard, and looks a bit like this:

[
    search 
(
    _raw IN (<video title>)
)
 AND event_name=process.start | fields video_id
 ] 
 (event_name=processor.*) | eval mytime=strftime(_time, "%Y/%m/%d %H:%M:%S") | stats latest(event_name) as Event latest(video_title) as Title latest(mytime) as "Message time" latest(status_short_text) as "Message text" by video_filename

This searches for a message indicating that processing of a particular video title has started. Then passes video_id to a new search, which returns the latest status message for each video_filename found for that video ID.

The system returns a "Processing complete" message indicating that a particular file has finished processing, but this is not necessarily the last message returned. I would like to create a field that indicates whether a "Processing complete" message has been received for each video_filename.

Get Updates on the Splunk Community!

Search for a value in a set of results, then indicate in a new field if the value was found

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Are you a member of the Splunk Community?

Search for a value in a set of results, then indicate in a new field if the value was found

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console