I'm a complete Splunk newbie and have a log statement that logs a List<String> of ID's from my Java application i.e.
log.info("ID's are {}", idList);
Using the Splunk Enterprise Dashboard, i want to display a Single Value as a count which would represent the total number of entries in the list and also display the list of ID's in a separate table view.
Using the Search with SPL option in the Dashboard, i get one row using the following:
sourceType="cf:logmessage" AND cf_app_name=my_app
| regex msg="MyClass.ID's are"
| stats sum(linecount) as Total
The question is, how do I access the idList to iterate it to count the total number of items and also print each item from the list in a separate table view?