Hi,
My search is like given below and my column names are source file names. As the source file name consists of directory name, timestamp etc, it is too long to be a column name. I have extracted another field log_name with just the name of the source file without any time stamp or other stuffs. but how can i use the log_name variable in the search so that i can replace the source file name with log name.
I know that, there is an alternative idea of extracting the log_name during search time but i don't want the search to be some more lengthy, so i didn't do that. I am curious to know whether there is any other alternative for the same.
Search Query :
index=main source="$sources$"
| stats values(wrkf) as "Work Name", values(name) as "Name", values(folder) as "Folder Name", values(reponame) as "Repo Name", values(version) as "Version", values(mode) as "Mode",values(order) as "Order"
|transpose
|rename column as Properties, "row 1" as "$sources$"
|appendcols [ search index=main source="$sourcessecond$"
| stats values(wrkf) as "Work Name", values(name) as "Name", values(folder) as "Folder Name", values(reponame) as "Repo Name", values(version) as "Version", values(mode) as "Mode",values(order) as "Order"
|transpose |rename column as Properties, "row 1" as "$sourcessecond$"]
|where '$sources$'!= '$sourcessecond$'
Please Help
Thank You
... View more