Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to read and extract table format logs in Splun...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to read and extract table format logs in Splunk?
karthi2809
Builder
03-29-2023
10:03 PM
Thanks in Advance,
How to read and extract table format logs in splunk?
And i need DeviceID as field and with values as same for all fields
| 3/29/23 4:56:34.000 AM |
29-Mar-2023 04:56:34:PM: |Application Disk Space utilization %
DeviceID VolumeName FreeSpace (Gb) Total (Gb) FreePercent
-------- ---------- -------------- ---------- -----------
C: System 389.45 475.14 81.97
P: Offline 389.45 475.14 81.97
|
| 3/29/23 4:56:34.000 AM |
29-Mar-2023 04:56:34:PM: |Services Status in Server
Status Name DisplayName
------ ---- -----------
Stopped ALG Application Layer Gateway Service Running
Running Appinfo Application Information
|
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gcusello
SplunkTrust
03-29-2023
11:55 PM
Hi @karthi2809,
probably the solution could be kvform command (https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference/Kvform).
Could you share some sample of your data?
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
karthi2809
Builder
03-30-2023
12:00 AM
Hi @gcusello This is my log file and i onboarded data in splunk
29-Mar-2023 04:56:34:PM: |Services Status in Server
Status Name DisplayName
------ ---- -----------
Stopped ALG Application Layer Gateway Service
Running Appinfo Application Information
29-Mar-2023 04:56:34:PM: |Application Disk Space utilization %
DeviceID VolumeName FreeSpace (Gb) Total (Gb) FreePercent
-------- ---------- -------------- ---------- -----------
C: System 389.45 475.14 81.97
P: Offline 389.45 475.14 81.97
29-Mar-2023 04:56:34:PM: |Application Running Process Status
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
1376 54 175332 238112 3,296.30 7516 4 Teams
9558 194 510488 458660 2,687.58 16488 4 OUTLOOK
926 47 46352 60284 1,959.77 2124 4 cptrayUI
1312 48 232896 175384 1,427.73 2684 4 msedge
3473 560 163948 282908 1,234.33 14368 4 msedge
29-Mar-2023 04:56:35:PM: |CPU Utilization %
Average
-------
11
29-Mar-2023 04:56:36:PM: |Memory Utilization %
MemoryUsage %
-------------
61.44
29-Mar-2023 04:56:36:PM: |Path Installed on System in Last 90 days
Source Description HotFixID InstalledBy InstalledOn
------ ----------- -------- ----------- -----------
Update KB NT AUTHORITY\SYSTEM 16/02/2023 12:00:00 AM
Security Update KB NT AUTHORITY\SYSTEM 23/03/2023 12:00:00 AM
Update KB NT AUTHORITY\SYSTEM 23/03/2023 12:00:00 AM
Get Updates on the Splunk Community!
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
Introducing the 2024 SplunkTrust!
Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!
The ...
