How to exclude certain fields in json logs from be... - Splunk Community

Getting Data In

Hi All,

Is there a way to exclude certain fields from my JSON data? For example: I have the below JSON Format event with fields A , B and C.

{

A : XXXX..
B : YYYY...
C : ZZZZ....

}

Is there a way to remove the fields B and C along with its values from the search result?

You can use SEDCMD to replace with empty strings. See if this link helps

http://docs.splunk.com/Documentation/Splunk/6.5.0/Data/Anonymizedata

props.conf

[sourcetype stanza]
SEDCMD-removefieldB = s/B:\w+//g
SEDCMD-removefieldC = s/C:\w+//g

Thankyou @sundareshr

@saranya_fmr, if you accept this answer, please mark the "accept" link and @sarnagar will get delicious karma points and the rest of us will know this works as an answer.

Thankyou..

Get Updates on the Splunk Community!

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...

Unlock Database Monitoring with Splunk Observability Cloud

In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...