I have several `eventtypes` that are extracted in various apps. This stopped working after I upgraded to `8.0.0`
Its not fully gone, f.eks this works fine.
index=main eventtype=error
But I do not see any `eventtype` in the `selected` or `interesting fields`.
Also it does not show any `eventtype` if I do this:
index= main eventtype=error | table _time eventtype _raw
`Eventtype` field are empty and I can not search for `eventtype` after `table` function has been used.
First time I have seen some like this broken after an upgrade. Has been using Splunk in large scale last 8 yeares
EDIT:
Did create a new eventtype from "Settings" -> "Event Types" a test.
Does not show up in field list, but
index=main eventtype=test
do work fine.
index=main eventtype=test
| table eventtype
Does not show anything
↧