I have data in the following format:
GenericHostName1=vm1,vm2,vm3,vm4;
GenericHostName2=vm5,vm6,vm7;
When I search for GenericHostName1, the only associated value with that field is 'vm1' instead of the whole list of VMs. Splunk is only associating the first value in the comma separated list and I want all of them. How would I go about making a search that will return all of the values in the list and not just the first one? Would it help if I were to change the way my data is originally created?
Thanks in advanced,
-RMD
↧