I am using this search in Splunk, index=voice sourcetype=voice_cvp source="*ActivityLog*" host="omatelstgcvp4" ",ForbExt_Accept," | table_raw , that results in the following 10.217.108.151.159283...
See more...
I am using this search in Splunk, index=voice sourcetype=voice_cvp source="*ActivityLog*" host="omatelstgcvp4" ",ForbExt_Accept," | table_raw , that results in the following 10.217.108.151.1592834757078.388.F,06/22/2020 09:06:22.240,set_COVIDForbExtAccept,custom,ForbExt_accept,978362,4024754759, and I would like to be able to have it only display ForbExt_accept,978362,4024754759, to use to send an alert w/this data in a csv file