Hello, I ran into the same problem, and the search for "tag=web" or "eventtype=web-traffic" shows me a lot of results. But if I append "site=*", there are no more results. Can you please tell me what kind of Splunk object "site" is? Is it a macro, a search-time variable, or a lookup outcome? What is the Splunk technique behind the search value "site"?

Thank you & best regards
Gerhard