Solved: Splunk Report

runiyal · ‎02-13-2020

I have a enteries in logfile that has information like the following two -

transaction sucessful. Request: {empName=Sam, empNum=40012, empMgr=John, empDept=102}
transaction sucessful. Request: {empName=John, empNum=40001, empDept=102}

In this case, empName, empNum, empMgr, empDept are the variables for which each request is sending a value

I want a report that shows all the values under variables for these successful transaction like this

empName empNum  empMgr  empDept
Sam      40012  John         102 
John        40001                102

woodcock · ‎02-13-2020

Like this:

index="YouShouldAlwaysSpecifyAnIndex" AND sourcetype="AndSourcetypeToo"
| kv
| table empName empNum empMgr empDept

View solution in original post

woodcock · ‎02-13-2020

Like this:

index="YouShouldAlwaysSpecifyAnIndex" AND sourcetype="AndSourcetypeToo"
| kv
| table empName empNum empMgr empDept

vikramyadav · ‎02-13-2020

index="yourindexname" source="yoursourcename" | stats count by empName empNum empMgr empDept | fileds - count

Splunk Report

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!