Hi everyone,

I'm trying to correlate some events that have the same field and then output the results to a table.

Example of raw data:

test d34e9bca-cfd9-11ea-9873-962481bd1187 Overall Executions in this runtime: 295
test d34e9bca-cfd9-11ea-9873-962481bd1187 End Execution
test d34e9bca-cfd9-11ea-9873-962481bd1187 Total Execution Time: 1.6354868500493467
test d34e9bca-cfd9-11ea-9873-962481bd1187 Query Elapsed Time 0.5768028399907053
test d34e9bca-cfd9-11ea-9873-962481bd1187 Query Status: Success
test d34e9bca-cfd9-11ea-9873-962481bd1187 Query Result: {"EXPR$0":{"0":1595834505}}
test d34e9bca-cfd9-11ea-9873-962481bd1187 Connection elapsed time: 1.056466632988304
test d34e9bca-cfd9-11ea-9873-962481bd1187 Establishing connection as: user@domain
test d34e9bca-cfd9-11ea-9873-962481bd1187 Begin Execution

For each "test" I have 9 events in Splunk. I want to output to a table like:

ID, Query_status, Query_time, Total_time
d34e9bca-cfd9-11ea-9873-962481bd1187, Success, 0.57, 1.63

Which would be the best method to accomplish this?
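One way to build the table described in the post above, as an added example that is not part of the original post: extract the ID and the three values with `rex`, then merge each run's events into one row with `stats ... BY ID`. The index name is a placeholder, the regular expressions assume the event text matches the sample lines exactly, and the `floor()` step truncates to two decimals because the requested output shows 0.57 and 1.63 rather than rounded values.

```spl
index=<your_index> "test"
| rex "test\s+(?<ID>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\s+(?<msg>.+)"
| rex field=msg "^Query Status:\s+(?<Query_status>\S+)"
| rex field=msg "^Query Elapsed Time:?\s+(?<Query_time>\d+(?:\.\d+)?)"
| rex field=msg "^Total Execution Time:\s+(?<Total_time>\d+(?:\.\d+)?)"
| stats values(Query_status) AS Query_status, max(Query_time) AS Query_time, max(Total_time) AS Total_time BY ID
| eval Query_time=floor(Query_time*100)/100, Total_time=floor(Total_time*100)/100
| table ID, Query_status, Query_time, Total_time
```

An ID whose run has not logged "Total Execution Time" yet still gets a row, with that column empty; append `| where isnotnull(Total_time)` to list only finished runs.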