My query works from Splunk Web UI and returns field values of `Source` in a `table` form, but it doesn't work from the CLI.
Splunk web returns
Source
==========
stock
funds
Splunk CLI returns output EMPTY
Source
===========
Splunk CLI doesn't returns the field values with the table command.
splunk search "index=apps sourcetype=weblogs | rex field=_raw \'Source:\s(?.*)\' | search Source | dedup Source | table Source" user admin password changeme
I have tried with `eval` and `fields` command instead of `table`
splunk search "index=apps sourcetype=weblogs | rex field=_raw \'Source:\s(?.*)\' | search Source | dedup Source | eval chicken=Source | fields chicken" user admin password changeme
but still it output empty values
chicken
===========
But it works well in web search results
Is there any other way to display the field values from command interface ?