Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to show raw data in reports?

sdaruna
Explorer
‎12-16-2015 08:27 AM

Hi,

I index processed data into Splunk and my client might need to view the raw data file that is used to produce events as well.
Let's say, I am using xml and prepare a comma separated line from the file and index it in Splunk. Is there something that I can set in configuration so that the user sees the raw file that is used to produce the event?

0 Karma
Reply

spitinfra
New Member
‎02-22-2019 09:03 AM

It's work to me

0 Karma
Reply

spitinfra
New Member
‎02-22-2019 09:00 AM

It's work fine to me...

0 Karma
Reply

javiergn
Super Champion
‎12-16-2015 08:55 AM

You can display the raw data and the path of the file that generated the event using the following:

[yoursearchhere] | table _raw, source

Is that what you need?

Thanks,
J

Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...