I've defined a sourcetype for CSV data with a fixed header
and data that looks like:
Date,Color,Data1,Data2
2015-01-30 10:11:12,Red,1.1,1.01
2015-01-30 10:11:12,Green,0,0
2015-01-30 10:11:13,Red,2.2,2.02
2015-01-30 10:11:14,Red,3.3,3.03
...
so the header contains the field names of the sourcetype.
What is the best way to search, using something like
this pseudo-SQL query:
SELECT Color1 WHERE Color=Red
Splunk looks like it can do much more than this but
I'd like to start out simple. I tried queries that I thought
included the clause
...WHERE Color=Red
in Splunk-speak but I couldn't figure out how to reference
the pre-defined columns, because there's no sense looking
for 'Red' in the Date or Data fields.
Thank you.
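For the CSV layout described in the question, the SPL below shows how the pseudo-SQL `WHERE Color=Red` is written as a field=value search term, with the result narrowed to the header columns of interest. This is an added example, not part of the original post; the sourcetype name `my_csv` and the index name `main` are assumptions, and it presumes the sourcetype extracts field names from the CSV header (for example via `INDEXED_EXTRACTIONS = csv` in props.conf, which is how the header line becomes the field list).

```spl
(* Simplest form: field=value as a search term, restricted to the
   sourcetype so "Red" is only matched in the Color field, not in
   Date, Data1 or Data2. *)
index=main sourcetype=my_csv Color=Red
| table Date, Color, Data1, Data2

(* Equivalent using the where command; where evaluates an
   expression, so string literals must be double-quoted. *)
index=main sourcetype=my_csv
| where Color="Red"
| table Date, Data1, Data2

(* A step beyond the original question: aggregate the numeric
   columns per Color instead of listing raw rows. *)
index=main sourcetype=my_csv
| stats count, sum(Data1) AS total_data1, avg(Data2) AS avg_data2 BY Color
```

Note that `Color=Red` as a bare search term is case-insensitive and matches whole field values, whereas `where Color="Red"` is case-sensitive; pick the form that matches how the values actually appear in the CSV. The `(* ... *)` markers above are explanatory comments for the reader, not SPL syntax, and should be dropped when pasting into the search bar.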