'Show Source' in the search events

TestQA52 · ‎05-27-2021

I am searching for logs, and when I click on 'Show source' they are more logs associated with it

Is there a way to have these other logs to show in the events? I cannot format Show Source as easily as the search events

aasabatini · ‎05-27-2021

try metadata command, it's really easier to check sources, sourcetypes and hosts

example for the sources:

| metadata type=sources

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

TestQA52 · ‎05-27-2021

@aasabatini Hey, thank you. Im very new to Splunk

Sometext| metadata type=sources

I'm getting: or in 'metadata' command: This command must be the first command of a search

metadata type=sources | Sometext

It says Sometext is not a command

aasabatini · ‎05-27-2021

please read the documentation

anyway run the search like this

| metadata type=sources index=<your index> splunk_server=<your server>

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

Are you a member of the Splunk Community?