Getting Data In

SELECTED FIELDS

fridays
Explorer

How to add fields to "selected fields" from the event. Some fields, such as name and sc_pl, are missing in the selected fields.
alt text

Tags (1)
0 Karma

fridays
Explorer

no fields.alt text

0 Karma

fridays
Explorer

This is All Fields. In splunk 6.5 all fields were in place. The problem appeared after the update on the splank 7.2.4

alt text

0 Karma

MoniM
Communicator

I am not sure if this will work for you or not. You can try by deleting the Field Aliases.

Below is the answer for the same issue:-
https://answers.splunk.com/answers/693737/splunk-720-field-aliases-incorrect-behavior.html

0 Karma

fridays
Explorer

In screensot select All fields. And no filters

0 Karma

nikita_p
Contributor

Hi Fridays,
How are you searching your fields?
If you want to see all selected fields you need to search it in verbose mode and also make sure the coverage selected is "All Fields"

0 Karma

MoniM
Communicator

Hi @fridays ,
One of the reason for this is the coverage percentage.
please find below snap for the setting in your "All Fields tab".alt text

woodcock
Esteemed Legend

Click on the All Fields link in the left-most panel under the histogram. Any field that has a checkmark will be a SELECTED FIELD.

0 Karma

fridays
Explorer

"All fields" - do not include all fields.alt text No serv, name and other fields.

0 Karma

woodcock
Esteemed Legend

It is relatively dynamic and will only show those fields that exist in your current search results. To get those other fields available, run a search that returns results with those fields (or just do something like | eval serv = "foo".

0 Karma

MoniM
Communicator

Hi fridays,
you can go to "All Fields" and from there you can select the required fields of your interest(check the box for the field you want).

Hope it helps!
Thanks

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...