https://community.splunk.com/t5/Splunk-Search/How-to-read-and-extract-table-format-logs-in-Splunk/m-p/636642#M221101 <P>&nbsp;</P><P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;This is my log file and i onboarded data in splunk</P><P>&nbsp;</P><LI-CODE lang="markup">29-Mar-2023 04:56:34:PM: |Services Status in Server Status Name DisplayName ------ ---- ----------- Stopped ALG Application Layer Gateway Service Running Appinfo Application Information 29-Mar-2023 04:56:34:PM: |Application Disk Space utilization % DeviceID VolumeName FreeSpace (Gb) Total (Gb) FreePercent -------- ---------- -------------- ---------- ----------- C: System 389.45 475.14 81.97 P: Offline 389.45 475.14 81.97 29-Mar-2023 04:56:34:PM: |Application Running Process Status Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName ------- ------ ----- ----- ------ -- -- ----------- 1376 54 175332 238112 3,296.30 7516 4 Teams 9558 194 510488 458660 2,687.58 16488 4 OUTLOOK 926 47 46352 60284 1,959.77 2124 4 cptrayUI 1312 48 232896 175384 1,427.73 2684 4 msedge 3473 560 163948 282908 1,234.33 14368 4 msedge 29-Mar-2023 04:56:35:PM: |CPU Utilization % Average ------- 11 29-Mar-2023 04:56:36:PM: |Memory Utilization % MemoryUsage % ------------- 61.44 29-Mar-2023 04:56:36:PM: |Path Installed on System in Last 90 days Source Description HotFixID InstalledBy InstalledOn ------ ----------- -------- ----------- ----------- Update KB NT AUTHORITY\SYSTEM 16/02/2023 12:00:00 AM Security Update KB NT AUTHORITY\SYSTEM 23/03/2023 12:00:00 AM Update KB NT AUTHORITY\SYSTEM 23/03/2023 12:00:00 AM </LI-CODE><P>&nbsp;</P> Fri, 31 Mar 2023 02:36:48 GMT karthi2809 2023-03-31T02:36:48Z https://community.splunk.com/t5/Splunk-Search/How-to-read-and-extract-table-format-logs-in-Splunk/m-p/636621#M221095 <P>Thanks in Advance,</P> <P>How to read and extract table format logs in splunk?</P> <P>And i need DeviceID as field and with values as&nbsp; same for all fields</P> <P>&nbsp;</P> <TABLE> <TBODY> <TR> <TD><SPAN class=""><SPAN>3/29/23</SPAN><BR /><SPAN>4:56:34.000 AM</SPAN></SPAN></TD> <TD> <DIV class=""> <DIV class="">&nbsp;</DIV> <DIV class=""><SPAN class="">29-Mar-2023</SPAN> <SPAN class="">04:56:34:PM:</SPAN> |<SPAN class="">Application</SPAN> <SPAN class="">Disk</SPAN> <SPAN class="">Space</SPAN> <SPAN class="">utilization</SPAN> <SPAN class="">%</SPAN></DIV> <DIV class=""><SPAN class="">DeviceID</SPAN>&nbsp;&nbsp;<SPAN class="">VolumeName</SPAN>&nbsp;&nbsp;<SPAN class="">FreeSpace</SPAN> (<SPAN class="">Gb</SPAN>)&nbsp; &nbsp; &nbsp;<SPAN class="">Total</SPAN> (<SPAN class="">Gb</SPAN>)&nbsp;&nbsp;<SPAN class="">FreePercent</SPAN></DIV> <DIV class="">&nbsp;--------&nbsp; &nbsp; &nbsp; &nbsp; ----------&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;--------------&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ----------&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;----------<SPAN class="">-</SPAN></DIV> <DIV class=""><SPAN class="">C:</SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<SPAN class="">System</SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<SPAN class="">389.45</SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<SPAN class="">475.14</SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<SPAN class="">81.97</SPAN></DIV> <DIV class=""><SPAN class="">P:</SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<SPAN class="">Offline</SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<SPAN class="">389.45</SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<SPAN class="">475.14</SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<SPAN class="">81.97</SPAN></DIV> </DIV> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <TABLE> <TBODY> <TR> <TD><SPAN class=""><SPAN>3/29/23</SPAN><BR /><SPAN>4:56:34.000 AM</SPAN></SPAN></TD> <TD> <DIV class=""> <DIV class="">&nbsp;</DIV> <DIV class=""><SPAN class="">29-Mar-2023</SPAN> <SPAN class="">04:56:34:PM:</SPAN> |<SPAN class="">Services</SPAN> <SPAN class="">Status</SPAN> <SPAN class="">in</SPAN> <SPAN class="">Server</SPAN></DIV> <DIV class=""> <DIV class=""><SPAN class="">Status&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Name</SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<SPAN class="">DisplayName&nbsp; &nbsp;&nbsp;</SPAN></DIV> <DIV class="">------&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;----&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;----------<SPAN class="">-</SPAN></DIV> </DIV> <DIV class=""><SPAN class="">Stopped</SPAN>&nbsp; &nbsp; &nbsp;<SPAN class="">ALG</SPAN>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<SPAN class="">Application</SPAN> <SPAN class="">Layer</SPAN> <SPAN class="">Gateway</SPAN> <SPAN class="">Service</SPAN> <SPAN class="">Running</SPAN></DIV> <DIV class=""><SPAN class="">Running&nbsp; &nbsp; &nbsp; &nbsp;Appinfo&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Application Information</SPAN></DIV> <DIV class="">&nbsp;</DIV> </DIV> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> Thu, 30 Mar 2023 07:36:07 GMT https://community.splunk.com/t5/Splunk-Search/How-to-read-and-extract-table-format-logs-in-Splunk/m-p/636621#M221095 karthi2809 2023-03-30T07:36:07Z https://community.splunk.com/t5/Splunk-Search/How-to-read-and-extract-table-format-logs-in-Splunk/m-p/636639#M221100 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/205249">@karthi2809</a>,</P><P>probably the solution could be kvform command (<A href="https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference/Kvform" target="_blank">https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference/Kvform</A>).</P><P>Could you share some sample of your data?</P><P>Ciao.</P><P>Giuseppe</P> Thu, 30 Mar 2023 06:55:21 GMT https://community.splunk.com/t5/Splunk-Search/How-to-read-and-extract-table-format-logs-in-Splunk/m-p/636639#M221100 gcusello 2023-03-30T06:55:21Z https://community.splunk.com/t5/Splunk-Search/How-to-read-and-extract-table-format-logs-in-Splunk/m-p/636642#M221101 <P>&nbsp;</P><P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;This is my log file and i onboarded data in splunk</P><P>&nbsp;</P><LI-CODE lang="markup">29-Mar-2023 04:56:34:PM: |Services Status in Server Status Name DisplayName ------ ---- ----------- Stopped ALG Application Layer Gateway Service Running Appinfo Application Information 29-Mar-2023 04:56:34:PM: |Application Disk Space utilization % DeviceID VolumeName FreeSpace (Gb) Total (Gb) FreePercent -------- ---------- -------------- ---------- ----------- C: System 389.45 475.14 81.97 P: Offline 389.45 475.14 81.97 29-Mar-2023 04:56:34:PM: |Application Running Process Status Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName ------- ------ ----- ----- ------ -- -- ----------- 1376 54 175332 238112 3,296.30 7516 4 Teams 9558 194 510488 458660 2,687.58 16488 4 OUTLOOK 926 47 46352 60284 1,959.77 2124 4 cptrayUI 1312 48 232896 175384 1,427.73 2684 4 msedge 3473 560 163948 282908 1,234.33 14368 4 msedge 29-Mar-2023 04:56:35:PM: |CPU Utilization % Average ------- 11 29-Mar-2023 04:56:36:PM: |Memory Utilization % MemoryUsage % ------------- 61.44 29-Mar-2023 04:56:36:PM: |Path Installed on System in Last 90 days Source Description HotFixID InstalledBy InstalledOn ------ ----------- -------- ----------- ----------- Update KB NT AUTHORITY\SYSTEM 16/02/2023 12:00:00 AM Security Update KB NT AUTHORITY\SYSTEM 23/03/2023 12:00:00 AM Update KB NT AUTHORITY\SYSTEM 23/03/2023 12:00:00 AM </LI-CODE><P>&nbsp;</P> Fri, 31 Mar 2023 02:36:48 GMT https://community.splunk.com/t5/Splunk-Search/How-to-read-and-extract-table-format-logs-in-Splunk/m-p/636642#M221101 karthi2809 2023-03-31T02:36:48Z