Hi there,
I am new to Splunk.
I have data with the following structure, where each entry has an event name and a variable list of properties associated with that event:
{event=eventA, properties={propertyName1=123, propertyName2=abc}}
{event=eventA, properties={propertyName1=456, propertyName2=def}}
{event=eventB, properties={propertyName3=789}}
{event=eventC, properties={propertyName4=AAA, propertyName5=BBB}}
Events of type eventA will always have the same number and names of properties, which are different from the names and number of properties that other types of events have.
I want to ignore the values themselves, and create a search that results in a table that summarizes the properties that each event type has:
eventA propertyName1, propertyName2
eventB propertyName
eventC propertyName4, propertyName5
How can I do that?