How to get the details of a field value that does ...

moiezuddin · ‎04-07-2015

How to get the details of field app=sencer, when it not shown in the values for the app field?

markthompson · ‎04-07-2015

Do you mean on your search results?

If so - On the left hand side is a panel that says "Fields", scroll to the bottom and it'll say "All Fields" Click that and it will bring up a list of all fields on that event. Select the tickbox and clicks save and it will show up.

If not - and you're trying to search for the field, as long as it exists, a simple

search ... | where app = "sencer"

Should do the trick

moiezuddin · ‎04-07-2015

im trying to search for the field

index=casm_prod sourcetype=smtrace | where app = "sencer"

Not result, but i can see anthor application listed in app values except "sencer"

markthompson · ‎04-07-2015

Also, be aware that you should use the table function inbetween, as it creates an output.

markthompson · ‎04-07-2015

As a shorter way, just include it in your original search index=casm_prod sourcetype=smtrace app=sencer

markthompson · ‎04-07-2015

try putting it in brackets WHERE (app="sencer")

How to get the details of a field value that does not appear in search results?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life