I have a simple entry in my logs like so:
types=["A","B","C"]
There are several entries like that throughout the logs. Another one could look like this:
types=["B","C"]
Is there a way to extract the values from this array of strings and create a bar chart out of the occurrences of each type? So if Splunk only saw the above 2 log entries it would make a bar chart with
- "# of occurrences" on the y-axis
- "Types" on the x-axis
And it would show 1 for type A, 2 for type B and C.
What would be the search criterion?