One of the queries i'm using has a variable with a "-" and splunk is unable to get me the stats count using the variable.
Example : your search | stats count by Order-Type
Is there a limitation on the variable names to be used in splunk?
Note: I did get the final result by using regex.
Example: your search | rex field=_raw "Order-Type\=(?[\"A-Z_ ]+)" | stats count by type
↧