Why is the Splunk Web service not running after an upgrade to 6.2? Learn more »
I want a form that will allow a user to "build" the appropriate "source" (or log file name) based on selecting various pieces of data.
So the fields will be like this:
Date Application Server
I want to then build a string to use in the search.
Trying to use eval but getting now where....
sourcetype=MySourceType | eval sourcelog=Date."-".Application."-".Server.".log" |search source=sourcelog
This always returns 0 results. If I leave out the search function, the sourcelog field is populated.
Once I can get this search to work, I can use it in the populatingsearch function of the form.