Hello guys,
I have a search,
sourcetype=example "testword" OR "abcd" | table _time _raw
If I run this query, I get some results because it triggered on the testword or abcd (string). My question: how do I find the word that causes the result to appear, and display that word in a table column?
Example:
table
_raw : abcd is the only alphabet
word : abcd
_time : 18:00
_raw : this only testword
word : testword
_time : 18:00
Please help me create a value for the column word from a word in the search, thanks.