I am new to Splunk. Just using this wonderful application for my day-to-day activity. Below is the search which I use daily to pull the table, with a little change in the source information.
The file name (source) has a big name with the current date in YYYYMMDD format.
Example: E:/Program Files/Quintiq/Quintiq 4.4.0/Log/QTCE_64_1516_20150626_0223_0.xml
Is it possible to derive the source information from
eval nowstring=strftime(now(), "%Y%m%d") with the wildcard character *?
I wish to write a search in such a way that there should not be a requirement of changing the "Source" tag every day.