I want a form that will allow a user to "build" the appropriate "source" (or log file name) based on selecting various pieces of data.
So the fields will be like this:
I want to then build a string to use in the search.
Trying to use eval but getting nowhere....
sourcetype=MySourceType | eval sourcelog=Date."-".Application."-".Server.".log" |search source=sourcelog
This always returns 0 results. If I leave out the search function, the sourcelog field is populated.
Once I can get this search to work, I can use it in the populatingsearch function of the form.
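An added example, not part of the original post: a Simple XML form that builds the source name from dropdown tokens rather than from an eval field. The dropdown choices, the form label and the leading `*` wildcard (which assumes `source` holds a full path ending in the built file name) are constructed for illustration.

```xml
<form>
  <label>Search by constructed source (example)</label>
  <fieldset submitButton="true">
    <!-- Each input sets a token; the choice values are constructed samples -->
    <input type="dropdown" token="Date">
      <label>Date</label>
      <choice value="2014-01-15">2014-01-15</choice>
      <choice value="2014-01-16">2014-01-16</choice>
    </input>
    <input type="dropdown" token="Application">
      <label>Application</label>
      <choice value="billing">billing</choice>
      <choice value="orders">orders</choice>
    </input>
    <input type="dropdown" token="Server">
      <label>Server</label>
      <choice value="web01">web01</choice>
      <choice value="web02">web02</choice>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <!-- Tokens are substituted into the query text before the search
               runs, so source= receives the finished string as a literal:
               Date-Application-Server.log -->
          <query>sourcetype=MySourceType source="*$Date$-$Application$-$Server$.log"</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```

In the search from the post, `search source=sourcelog` compares `source` against the literal string `sourcelog`, not against the value of the eval field. Within a single search, `| where source=sourcelog` compares the two fields' values instead.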