Hi,
I'm new to Splunk and I'm not a developer, and I got stuck trying to make a simple graphical display in a dashboard showing syslog sources, using the syslog's given hostnames (AP01-MATRIX in the example below).
If I use "chart count by host" it gives me a graphic with 197.116.14.182, but I need to use AP01-MATRIX instead. I thought about using something simple like getting the 4th item separated by colon, but I don't know how.
Feb 10 12:22:26 197.116.14.182 274: AP01-MATRIX: Mar 4 12:22:26.490 UTC: %DOT11-4-CCMP_REPLAY: Client baf6.85f8.1da6 had 1 AES-CCMP TSC replays
host = 197.116.14.182 source = udp:514 sourcetype = syslog
Thanks in advance.
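One way to do the extraction asked about above, as an added example that is not part of the original post: a search-time `rex` pulls the device name that follows the sequence number, falls back to the sender IP in `host` when an event has no such tag, and charts on the result. The field name `device_name` is a hypothetical choice, and the first two lines only recreate the post's sample event so the search runs without indexed data.

```spl
| makeresults
| eval _raw="Feb 10 12:22:26 197.116.14.182 274: AP01-MATRIX: Mar 4 12:22:26.490 UTC: %DOT11-4-CCMP_REPLAY: Client baf6.85f8.1da6 had 1 AES-CCMP TSC replays", host="197.116.14.182"
| rex field=_raw "^\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}\s+\S+\s+\d+:\s+(?<device_name>[^:\s]+):"
| eval device_name=coalesce(device_name, host)
| chart count by device_name
```

Against real data, replace the first two lines with the base search (for example `sourcetype=syslog source="udp:514"`). Anchoring the pattern on the timestamp, sender and sequence number is less fragile than splitting on colons, because the timestamp and the message text contain colons of their own.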