Hi,
I want to separate out the fields below in table format.
Raw = Namespace [com.sampple.ne.vas.events], ServiceName [flp-eg-cg], Version [0.0.1], isActive [true], AppliationType [EVENT]
Query I am using =
| eval Namespace=mvindex(split(mvindex(split(_raw, "Namespace "),1),"],"),1)
| eval ServiceName=mvindex(split(mvindex(split(_raw,"ServiceName "),1),"],"),0)
| eval Version=mvindex(split(mvindex(split(_raw,"Version "),1),"],"),0)
| stats latest(Namespace) as Namespace latest(ServiceName) as ServiceName latest(Version) as Version by host
| sort -Version
Expected result (table columns):
Host | AppName | ServiceName | Version
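
One way to extract the bracketed values with `rex` instead of nested `split`/`mvindex`, as an added example that is not part of the original post. The `makeresults` event reuses the sample line from the question, and the host value is constructed for illustration so the search runs without any indexed data.

```spl
| makeresults
| eval _raw="Namespace [com.sampple.ne.vas.events], ServiceName [flp-eg-cg], Version [0.0.1], isActive [true], AppliationType [EVENT]"
| eval host="constructed-example-host"
| rex field=_raw "Namespace \[(?<Namespace>[^\]]+)\]"
| rex field=_raw "ServiceName \[(?<ServiceName>[^\]]+)\]"
| rex field=_raw "Version \[(?<Version>[^\]]+)\]"
| stats latest(Namespace) as Namespace latest(ServiceName) as ServiceName latest(Version) as Version by host
| sort -Version
| table host Namespace ServiceName Version
```

Each `rex` captures only the text between the square brackets that follow the key name, so the result does not depend on which position a piece lands in after a split.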