Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to stop index extraction fields displaying on the search head??

BuzzLights10
Explorer
‎06-01-2021 05:59 AM

Hello Community,

I want to remove a select few fields which are extracted by default like punct, splunkserver, etc. 

By remove, I mean I do not want these fields to be displayed when I search for data in these indexes on the Search head. 
I went through many posts but could not find anything appropriate as to how this can be achieved in the back end. Maybe I am missing something on the props or fields.conf files??

Any help is appreciated!

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-04-2021 10:49 AM

I'm not aware of any way to control what is displayed in the "Interesting fields" area.  We can use the fields command to control what is displayed in search results, of course.

---
If this reply helps you, Karma would be appreciated.
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-01-2021 06:27 AM

If you run your searches in Fast Mode then Splunk will not perform search-time extractions.

For index-time extractions, the only one you can disable (AFAIK) is punct.  Use the ANNOTATE_PUNCT=false setting in props.conf to do that.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

BuzzLights10
Explorer
‎06-04-2021 09:37 AM

Hi @richgalloway 

Thank you for the reply . On some data sets when I need to see the detailed list of fields or to only see the fields i've manually extracted(basically running in smart or verbose)...is there any way to not display these default fields then??

Thanks again!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...