Hi, I am new to Splunk and know the basics of search. Below is what my logs look like.
2016-08-03 23:51:00,607 INFO [jmsContainer-5] ...
2016-08-03 23:31:06,453 INFO [jmsContainer-1] ...
2016-08-03 23:39:06,123 INFO [jmsContainer-10] ...
2016-08-03 23:20:06,581 INFO [jmsContainer-1] ...
2016-08-03 23:43:06,660 INFO [jmsContainer-15] ...
2016-08-03 23:32:07,551 INFO [jmsContainer-2] ...
I need to filter only the latest event from each jmsContainer (jmsContainer-1, jmsContainer-2, ... jmsContainer-15) and show them in a table like the one below.
jmsContainer     _time                    _raw
jmsContainer-1   2016-08-03 23:31:06,453  ...
jmsContainer-2   2016-08-03 23:31:07,551  ...
...
jmsContainer-15
I read about merging multiple search queries, but that does not help me. Right now I have started as simply as
jmsContainer-* | head 1 | table _time _raw
I know that is not a good solution; any help is much appreciated.
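As an added illustration (editor's example, not part of the original post and not an answer given on this page), the following Python script does offline what the requested search has to do: extract the `jmsContainer-N` name from each raw line, parse the timestamp, keep only the most recent event per container, and emit the `jmsContainer _time _raw` table. The log lines are constructed to match the format in the question; the message text after the container name is made up. In Splunk terms the same steps are a `rex` extraction of the container name followed by `dedup jmsContainer` (results arrive newest-first by default, so the first event kept per value is the latest) and `table jmsContainer _time _raw`.

```python
import re
from datetime import datetime

# Constructed sample input mirroring the format shown in the question.
# The text after the container name is invented for the example.
SAMPLE_LOG = """\
2016-08-03 23:51:00,607 INFO [jmsContainer-5] processed message id=a1
2016-08-03 23:31:06,453 INFO [jmsContainer-1] processed message id=b2
2016-08-03 23:39:06,123 INFO [jmsContainer-10] processed message id=c3
2016-08-03 23:20:06,581 INFO [jmsContainer-1] processed message id=d4
2016-08-03 23:43:06,660 INFO [jmsContainer-15] processed message id=e5
2016-08-03 23:32:07,551 INFO [jmsContainer-2] processed message id=f6
this line does not match the expected layout and is skipped
"""

# Timestamp, level, bracketed container name, free-text remainder.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>\w+) \[(?P<container>jmsContainer-\d+)\] (?P<msg>.*)$"
)


def parse_line(line):
    """Return an event dict for a well-formed line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # %f accepts the 3-digit millisecond field used in the log.
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f")
    return {"jmsContainer": m.group("container"), "_time": ts, "_raw": line}


def latest_per_container(text):
    """Keep the newest event for each jmsContainer, ordered by container number."""
    latest = {}
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        name = ev["jmsContainer"]
        if name not in latest or ev["_time"] > latest[name]["_time"]:
            latest[name] = ev
    # Sort on the numeric suffix so jmsContainer-2 precedes jmsContainer-10.
    return sorted(
        latest.values(),
        key=lambda e: int(e["jmsContainer"].rsplit("-", 1)[1]),
    )


def format_table(rows):
    """Render rows as the jmsContainer / _time / _raw table from the question."""
    lines = ["jmsContainer     _time                    _raw"]
    for ev in rows:
        stamp = ev["_time"].strftime("%Y-%m-%d %H:%M:%S,%f")[:-3]
        lines.append(f"{ev['jmsContainer']:<16} {stamp:<24} {ev['_raw']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_table(latest_per_container(SAMPLE_LOG)))
```

With the sample above, jmsContainer-1 appears twice and only its 23:31:06 event survives; the malformed line is dropped rather than breaking the run, which is the same behaviour an extraction regex gives in Splunk when a line does not match.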