I have the following separate event logs in Splunk:
"10/3/2016 11:30:24 AM","42646.7711166204","mail-server-01","mail-server-01","emails Received","emails Received","0 #","100.00"
"10/3/2016 11:30:50 AM","42646.7714199537","mail-server-01","mail-server-01","cpu","cpu","0 #","25.00"
They are different log events, but have the same fields:
10/3/2016: date
11:30:50 AM: time
mail-server-01: host
cpu or emails received: sensor
100.00 or 25.00: value_raw
I'd like to make a table to show the following (but having hard time with the same field values):
|mail-server-01 |100.00 |25.00 |
... View more