Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted
Solved! Jump to solution

How to create a report only showing values for 4 fields?

rmcole
New Member
‎08-22-2014 10:13 AM

Greetings, I'm trying to create a report that only shows 3 things in a search. I need to be able to not show everything else.
This is my search:

host=192.168.64.18 Group=* Username=* IP=* NOT "Session disconnected" NOT "Connection terminated for peer*"

I would prefer not having to do huge number of NOT statements to remove that extra fields.

Thanks

Tags (2)
0 Karma
Reply
1 Solution
Highlighted
Solved! Jump to solution

Re: How to create a report only showing values for 4 fields?

strive
Influencer
‎08-22-2014 10:26 AM

Do you need only Group, Username and IP as fields in your report?

0 Karma
Reply
Highlighted
Solved! Jump to solution

Re: How to create a report only showing values for 4 fields?

rmcole
New Member
‎08-22-2014 10:28 AM

yes plus the host. The idea for this report is for another group to run it and see who is connected via VPN

0 Karma
Reply
Highlighted
Solved! Jump to solution
Solution

Re: How to create a report only showing values for 4 fields?

strive
Influencer
‎08-22-2014 10:33 AM

Try this

Some search terms...| table host Group Username IP

Some search terms means: index=<your index name> earliest=<time that you need> latest=<time that you need>

and other search terms as per your need

View solution in original post

Reply