Hello,
Is there a way to split out the unique values of a field into separate fields that are returned after a search?
For example, my search returns the following syslog messages
Login Success from 1.1.1.1
Login Failed from 2.2.2.2
Login Failed from 1.1.1.1
Splunk has extracted the following field "field 1" which contains the "Success" and "Failed" string values
Is there a way (preferably with the eval command) to extract these values into their own unique fields, i.e. field2=Failed, field3=Success?
This is so I can use a table command like the following
| table ip, field1, field2, field3
Thank you
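One way to get the per-value columns asked for above, as an added example (not from the original post or from Splunk documentation): it builds the three sample messages inline with makeresults so it runs without any index, assumes the ip and field1 values are pulled out with a rex extraction (the post says field1 is already auto-extracted; the regex here is an assumption about the message layout), and then uses eval with if()/null() so each row carries its status only in the matching column.

```spl
| makeresults count=3
| streamstats count AS n
| eval _raw=case(n==1, "Login Success from 1.1.1.1",
                 n==2, "Login Failed from 2.2.2.2",
                 n==3, "Login Failed from 1.1.1.1")
| rex field=_raw "Login (?<field1>\w+) from (?<ip>\S+)"
| eval field2=if(field1=="Failed", field1, null()),
       field3=if(field1=="Success", field1, null())
| table ip, field1, field2, field3
```

Each row ends up with field1 set and exactly one of field2 or field3 populated, so the requested table works as written. If the real goal is a per-source view of failed versus successful logins (the usual detection question behind this kind of search), replacing the last two lines with `| chart count OVER ip BY field1` produces one row per ip with a Failed column and a Success column holding the counts, which is easier to threshold on than the per-event layout.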