Hello All,
I am new to Splunk and I have a question regarding Splunk field extraction. Consider the following example log snippet, which consists of 4 events. The error messages are the same except for the field "sku", the timestamp and the OrderNumber.
After the below log has been ingested into Splunk, if I were to search for the field "errorMessage" I would get 4 results, which are the below events.
On the other hand, if I were to consider all the below events as one format (consider all four events as duplicates) by ignoring all the other key-value pairs except "errorMessage", can this be done without ever asking Splunk to ignore the "sku" field?
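One search-time way to get that result, added here as an example and not posted by anyone in the thread: the field extraction is left untouched (sku is still extracted), and the grouping is done in the search itself. The index name is a placeholder; the field names errorMessage, sku and OrderNumber are taken from the question above.

```spl
index=PLACEHOLDER_INDEX errorMessage=*
| dedup errorMessage
| table _time errorMessage sku OrderNumber

index=PLACEHOLDER_INDEX errorMessage=*
| stats count earliest(_time) AS first_seen latest(_time) AS last_seen values(sku) AS skus values(OrderNumber) AS orders BY errorMessage
| convert ctime(first_seen) ctime(last_seen)
```

The first search keeps one event per distinct errorMessage (so the four events collapse to one row); the second collapses them into one row per message while still listing the sku and OrderNumber values that varied, which is usually more useful for triage than discarding them.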
Thanks for your reply. I did figure it out.
Hi @Joe20,
I couldn't understand your need. Could you please put a sample desired output?