Re: How to list field and their values?

truongvinh2112 · ‎08-11-2021

My log is formatted like this:

labels: {
       app: splunk-kubernetes-metrics
       app.kubernetes.io/managed-by: Helm
       chart: splunk-kubernetes-metrics-1.4.1
       engine: fluentd
       heritage: Helm
       release: splunk-monitor

How do I find a list of fields and their values? I want to list all the values in field labels.

Thanks!

codebuilder · ‎08-12-2021

Are you just trying to find out what fields are available?
If so you can simply run the following and look at the table or click on "events" to see all the fields.
(Use "head" to limit the results or choose a short time span with the time picker so that you dont get back the entire result set.)

index=your_index_name |head 100 |table *

----
An upvote would be appreciated and Accept Solution if it helps!

ITWhisperer · ‎08-11-2021

| extract
| rename labels.* as *

truongvinh2112 · ‎08-11-2021

I'm trying to build a K8s dashboard on Splunk. I tried your way but not working. Can you be more specific?

The image above is an example.

ITWhisperer · ‎08-11-2021

Sure. What do these images represent? What did you get when you tried my suggestion? Can you share the raw events in a code block </> so we can see what you are dealing with and try some tests?

How to list field and their values?

field extraction

stats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation