Unfortunately, I have been indexing events which have a key named "source", and Splunk by default treats the key "source" as the source of the events.
Now, when I am trying to retrieve the values from key "source", it is providing me the event source.
Is there any way to retrieve the source key values from the events instead of the event sources (directories), or is it a bug/conflict?
Can anyone help me in this situation? How can I get the values without using regex/rex commands?