Yes.. I know it.. I'm not so good on Splunk side.. that why I'm asking.. As I told i have more that 100+ such files as a source - some of them from different environment.. And I need just create dashboard and visualize users activities regarding with the environment.. I can construct this tables on segregated source. ... View more

Actually the fields not the same.. for example log: [I 2021-01-20 10:50:14.071 JupyterHub log:174] 302 GET / -> /jhub-test/hub/ (@10.161.10.174) 1.30ms log: [I 2021-01-19 08:05:10.633 JupyterHub login:43] User logged out: systematics   This is from the same source - So based on first row I can decide that user logged off from app in QA environment..       ... View more

I just want to construct a table for example: Environment                   User Activity               Username DEV                                        Logged IN                       systematics78   And I have sources from this environment but exactly with the same configuration For example from Dev Environment I have log file with several rows like this I log:187 10.161.2.165  some info I log:587 Logged-In systematics78 For sandbox environment I log:187 10.161.1.175  some info I log:587 Logged-In systematics78 The logs name generated randomly on daily basis.. So I have just one info - ip address - based on that I can decide that User activity is related with for example DEV or Sandbox environment So the main guest ion How I can create such report ... View more

Can I have more explanation what you exactly mean? ... View more

I have source from multiply environments - for example SandBox, Dev, QA etc.. with exact same configuration and need to segregate by environment - so need to filter source by searching ip address to identify the source relationship with environment and after use just that source with some events.. ... View more