Solved: Splunk Report

runiyal · ‎02-13-2020

I have a enteries in logfile that has information like the following two -

transaction sucessful. Request: {empName=Sam, empNum=40012, empMgr=John, empDept=102}
transaction sucessful. Request: {empName=John, empNum=40001, empDept=102}

In this case, empName, empNum, empMgr, empDept are the variables for which each request is sending a value

I want a report that shows all the values under variables for these successful transaction like this

empName empNum  empMgr  empDept
Sam      40012  John         102 
John        40001                102

woodcock · ‎02-13-2020

Like this:

index="YouShouldAlwaysSpecifyAnIndex" AND sourcetype="AndSourcetypeToo"
| kv
| table empName empNum empMgr empDept

View solution in original post

woodcock · ‎02-13-2020

Like this:

index="YouShouldAlwaysSpecifyAnIndex" AND sourcetype="AndSourcetypeToo"
| kv
| table empName empNum empMgr empDept

vikramyadav · ‎02-13-2020

index="yourindexname" source="yoursourcename" | stats count by empName empNum empMgr empDept | fileds - count

Splunk Report

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation