Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can we decide to not show fields ?

magilbert1
Explorer
‎01-22-2019 11:40 AM

I have a log file date which is split on different fields ( date_hour, date_second, date_hour etc...)

Can i decide to only display : date_year,date_month, date_wday for example ?

Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-22-2019 12:01 PM

Use the fields or table command to tell Splunk which fields to display. The fields command is typically used within a query to reduce the number of fields being processed. The table command is usually used at the end of a query to display results.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

dkeck
Influencer
‎01-22-2019 11:59 AM

Hi,

sounds like the default datetime fields from splunk, why do you want to discard them?

These fields are exracted from _time

0 Karma
Reply

magilbert1
Explorer
‎01-22-2019 12:03 PM

Because it's the only thing that change from a line to an other. So i don't need duplicate line in my table. I only one the message one time.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

 Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...