I can obtain a list of fields within an index eg.
index=bind_queries | stats values(*) AS * | transpose | table column | rename column AS Fieldnames
and a list of all indexes,
| eventcount summarize=false index=* index=_* | dedup index
But I'm struggling to successfully join the two.
Anyone know of a solution?
↧