The text field in my event contains A LOT of data.
json snipped :
{"Date":"2018-12-05T12:04:04.71","ID":"00000000-0000-0000-0000-000000000000","Text":"*** Environment changed due to [Average CPU ] : normalSliceUsage=0.00% * totalWeightUsage=0.00 * userCount=0 * clinicalUserCount=0 * AvgCPUUsage=9.97% * AvailableMemory=6458MB ***}
What i'm trying to do is write a search that will get all values of on/all fields.
i.e. "get all values of userCount"
i have had some progress using eval and split
eval values=split(Text," * ") |
eval temp=mvindex(values,0)|
eval temp=split(temp,"=")|eval temp=mvindex(temp,1)|convert rmunit(temp)|
eval normalSliceUsage=temp| table Date normalSliceUsage
... View more