I have a unique search string that does return the specific event that should be in the result. This string returns the event:
index=bec_ci_prod SWIFT-TEST-RMA-AskProfileDeploySwitch deploy_status_type=info direction=exiting
This string does not:
index=bec_ci_prod SWIFT-TEST-RMA-AskProfil...
However, you can use a specific number if you know what could be the upper limit for unique app_status field values. The following run-anywhere example based on Splunk's _internal index shows only 5 of all the components.
index=_internal sourcetype=splunkd log_level!="IN...