Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can we decide to not show fields ?

magilbert1
Explorer
‎01-22-2019 11:40 AM

I have a log file date which is split on different fields ( date_hour, date_second, date_hour etc...)

Can i decide to only display : date_year,date_month, date_wday for example ?

Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-22-2019 12:01 PM

Use the fields or table command to tell Splunk which fields to display. The fields command is typically used within a query to reduce the number of fields being processed. The table command is usually used at the end of a query to display results.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

dkeck
Influencer
‎01-22-2019 11:59 AM

Hi,

sounds like the default datetime fields from splunk, why do you want to discard them?

These fields are exracted from _time

0 Karma
Reply

magilbert1
Explorer
‎01-22-2019 12:03 PM

Because it's the only thing that change from a line to an other. So i don't need duplicate line in my table. I only one the message one time.

0 Karma
Reply
Get Updates on the Splunk Community!

Machine Learning - Assisted Adaptive Thresholding

Let’s talk thresholding. Have you set up static thresholds? Tired of static thresholds triggering false ...

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

  Ready to master Kubernetes and cloud monitoring like the pros?Join Splunk’s Growth Engineering team for an ...

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...