Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to read and extract table format logs in Splun...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to read and extract table format logs in Splunk?
karthi2809
Builder
03-29-2023
10:03 PM
Thanks in Advance,
How to read and extract table format logs in splunk?
And i need DeviceID as field and with values as same for all fields
| 3/29/23 4:56:34.000 AM |
29-Mar-2023 04:56:34:PM: |Application Disk Space utilization %
DeviceID VolumeName FreeSpace (Gb) Total (Gb) FreePercent
-------- ---------- -------------- ---------- -----------
C: System 389.45 475.14 81.97
P: Offline 389.45 475.14 81.97
|
| 3/29/23 4:56:34.000 AM |
29-Mar-2023 04:56:34:PM: |Services Status in Server
Status Name DisplayName
------ ---- -----------
Stopped ALG Application Layer Gateway Service Running
Running Appinfo Application Information
|
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gcusello
SplunkTrust
03-29-2023
11:55 PM
Hi @karthi2809,
probably the solution could be kvform command (https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference/Kvform).
Could you share some sample of your data?
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthi2809
Builder
03-30-2023
12:00 AM
Hi @gcusello This is my log file and i onboarded data in splunk
29-Mar-2023 04:56:34:PM: |Services Status in Server
Status Name DisplayName
------ ---- -----------
Stopped ALG Application Layer Gateway Service
Running Appinfo Application Information
29-Mar-2023 04:56:34:PM: |Application Disk Space utilization %
DeviceID VolumeName FreeSpace (Gb) Total (Gb) FreePercent
-------- ---------- -------------- ---------- -----------
C: System 389.45 475.14 81.97
P: Offline 389.45 475.14 81.97
29-Mar-2023 04:56:34:PM: |Application Running Process Status
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
1376 54 175332 238112 3,296.30 7516 4 Teams
9558 194 510488 458660 2,687.58 16488 4 OUTLOOK
926 47 46352 60284 1,959.77 2124 4 cptrayUI
1312 48 232896 175384 1,427.73 2684 4 msedge
3473 560 163948 282908 1,234.33 14368 4 msedge
29-Mar-2023 04:56:35:PM: |CPU Utilization %
Average
-------
11
29-Mar-2023 04:56:36:PM: |Memory Utilization %
MemoryUsage %
-------------
61.44
29-Mar-2023 04:56:36:PM: |Path Installed on System in Last 90 days
Source Description HotFixID InstalledBy InstalledOn
------ ----------- -------- ----------- -----------
Update KB NT AUTHORITY\SYSTEM 16/02/2023 12:00:00 AM
Security Update KB NT AUTHORITY\SYSTEM 23/03/2023 12:00:00 AM
Update KB NT AUTHORITY\SYSTEM 23/03/2023 12:00:00 AM
Get Updates on the Splunk Community!
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
The Transformative Power of AI and ML in Enhancing Observability
In the realm of IT operations, the ...
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
