I have the following search set up:
search string
| fields host raw
| fields - _time _indextime _sourcetype _subsecond _serial _bkt _cd _si _kv _timediff | head 1
| join append [ stats count | fields - count ]
| eval SourcePath=WHAT TO PUT HERE?
| eval ConfigItem="Config Item"
| eval PAGER="Pager"
| eval TEAM="Team"
| eval GROUP="Group"
| eval SHORTDESCRIPTION="Short Description"
| table host _raw SourcePath ConfigItem PAGER TEAM GROUP SHORTDESCRIPTION
| rex mode=sed "s/\,//g"
| rex mode=sed "s/[^a-zA-Z0-9-.]+/ /g"
| outputcsv file.csv
Everything is working as required; I am just not too sure what I should match eval SourcePath= with in order to obtain the string of the source log file's path.
Anyone able to assist?
Thanks a bunch!
Tom