Hi, today we are back with another tips and tricks blog. This is a very used use case if you are also a Splunk developer, you might also face the same things a number of times. There are so many times we know the field values but due to a lot of fields, it’s very difficult to find that value is part of which field. Today we will try to solve that mystery.
Let’s take a use case,
Suppose we have this data,
Here in the events, we have a keyword as “chrome” here we have more than 100 fields its pretty difficult to find this value as part of which field. So we will try to find that.
For this use case, we have a command known as “fieldsummary” with the help of that command we will solve this.
Result:
Explanation:
Here we are using “fieldsummary” command. That command will basically create a field called “values”, where we will get all the field values of that field will come separated by commas.
After that command I am simply using the search command over the “fields” to get my desired field, we will get that under “field”.
Check out the Fieldsummary command: “Splunk Command: Fieldsummary”
Happy Splunking!!
