Hi all
I have read the documentation and tested for hours but I am somehow not grasping how searching works.
I have 7000 events with multiple fields. I would like to display a table with one column called FieldA and populate the table with the value of FIELDA for every event where FIELDB = 00.000
Examples of the things I have tried:
index=index FIELDA | table FieldA | FIELDB=00.000
index=index FIELDA where FIELDB=00.000 AS FieldA by index
Any feedback or advice on how to achieve what I am trying to do would be much appreciated. The amount of Splunk documentation is a bit overwhelming.
Thank you!!!