Essentially I have a working search but in the original data the username field is populated with a " \ " entry eg "splunk\fred". so if I use this in a populating search for a drop-down box this won't work as a filter as you need to have this format " \\ "
Anyone have any suggestions on how to manage this?
Original strings:
<![CDATA[sourcetype=pan_traffic earliest=-24h | stats count by src_user]]>
...
Applications
sourcetype=pan_traffic src_user="$username$" host="$site$" | top application
Application
Count
bar
...
... View more