Solved: Can I select specified fields with the Python SDK?

anshanno · ‎08-22-2016

I'd like to write a python script to select only certain fields such as the UI does (example below) and load them into a pandas dataframe.

alt text

jkat54 · ‎08-22-2016

Yes, just use the fields command in your search string:

...|fields Action bug_id Host User

jkat54 · ‎08-22-2016

Yes, just use the fields command in your search string:

...|fields Action bug_id Host User

anshanno · ‎08-22-2016

Awesome, thank you so much! I wasn't able to find this in the documentation.

EDIT: is there away to get rid of the extra garbage too, I am presuming something like ...|exclude fields yada yada?

Action,User,"b_Project",Host,"_bkt","_cd","_indextime","_kv","_raw","_serial","_si","_sourcetype","_subsecond","_time"

jkat54 · ‎08-22-2016

It's ... | fields - thisOne thatOne

minus removes... plus adds / technically works too if you need to add a blank field, or if you just want to be verbose

... | fields + Action bug_id Host User
is same as
... | fields Action bug_id Host User

Can I select specified fields with the Python SDK?