I'm new to Splunk and I'm not a developer, and I got stuck trying to make a simple graphical display in a dashboard showing syslog sources, using the hostnames given in the syslog (AP01-MATRIX in the example below).
If I use "chart count by host" it gives me a graphic with 184.108.40.206, but I need to use AP01-MATRIX instead. I thought about using something simple, like getting the 4th item separated by colons, but I don't know how.
Feb 10 12:22:26 220.127.116.11 274: AP01-MATRIX: Mar 4 12:22:26.490 UTC: %DOT11-4-CCMP_REPLAY: Client baf6.85f8.1da6 had 1 AES-CCMP TSC replays
host = 18.104.22.168 source = udp:514 sourcetype = syslog
Thanks in advance.
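
An added example, not part of the original post: one way to chart by the device name carried inside the message instead of the relay's IP address. It assumes every event has the layout of the sample above (timestamp, sender address, sequence number and colon, then the device name and colon); the field name `device_name` is chosen here, and events that do not match fall back to `host`.

```spl
sourcetype=syslog source="udp:514"
| rex field=_raw "^\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}\s+\S+\s+\d+:\s+(?<device_name>[^:\s]+):"
| eval device_name=coalesce(device_name, host)
| chart count by device_name
```

The colon-split idea from the post can be written as `eval device_name=trim(mvindex(split(_raw, ":"), 3))`, because `mvindex` counts from 0 and the timestamp contributes the first two colons. The `rex` form is stricter: an event with a different layout falls back to `host` instead of producing a wrong name.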