Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to read and extract table format logs in Splunk?

karthi2809
Builder
‎03-29-2023 10:03 PM

Thanks in Advance,

How to read and extract table format logs in splunk?

And i need DeviceID as field and with values as  same for all fields

 

3/29/23
4:56:34.000 AM
 
29-Mar-2023 04:56:34:PM: |Application Disk Space utilization %
DeviceID  VolumeName  FreeSpace (Gb)     Total (Gb)  FreePercent
 --------        ----------             --------------                ----------         -----------
C:                System              389.45                         475.14               81.97
P:                Offline                389.45                         475.14               81.97

 

3/29/23
4:56:34.000 AM
 
29-Mar-2023 04:56:34:PM: |Services Status in Server
Status         Name                   DisplayName    
------             ----                         -----------
Stopped     ALG                       Application Layer Gateway Service Running
Running       Appinfo               Application Information
 

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-29-2023 11:55 PM

Hi @karthi2809,

probably the solution could be kvform command (https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference/Kvform).

Could you share some sample of your data?

Ciao.

Giuseppe

Reply

karthi2809
Builder
‎03-30-2023 12:00 AM

 

Hi @gcusello This is my log file and i onboarded data in splunk

 

29-Mar-2023 04:56:34:PM: |Services Status in Server

Status   Name               DisplayName                           
------   ----               -----------                           
Stopped  ALG                Application Layer Gateway Service     
Running  Appinfo            Application Information               


29-Mar-2023 04:56:34:PM: |Application Disk Space utilization %

DeviceID VolumeName FreeSpace (Gb) Total (Gb) FreePercent
-------- ---------- -------------- ---------- -----------
C:       System     389.45         475.14           81.97
P:       Offline    389.45         475.14           81.97


29-Mar-2023 04:56:34:PM: |Application Running Process Status

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName                                                                                                                          
-------  ------    -----      -----     ------     --  -- -----------                                                                                                                          
   1376      54   175332     238112   3,296.30   7516   4 Teams                                                                                                                                
   9558     194   510488     458660   2,687.58  16488   4 OUTLOOK                                                                                                                              
    926      47    46352      60284   1,959.77   2124   4 cptrayUI                                                                                                                             
   1312      48   232896     175384   1,427.73   2684   4 msedge                                                                                                                               
   3473     560   163948     282908   1,234.33  14368   4 msedge                                                                                                                               


29-Mar-2023 04:56:35:PM: |CPU Utilization %

Average
-------
     11


29-Mar-2023 04:56:36:PM: |Memory Utilization %

MemoryUsage %
-------------
61.44        


29-Mar-2023 04:56:36:PM: |Path Installed on System in Last 90 days

Source        Description      HotFixID      InstalledBy          InstalledOn               
------        -----------      --------      -----------          -----------               
              Update           KB           NT AUTHORITY\SYSTEM  16/02/2023 12:00:00 AM    
              Security Update  KB           NT AUTHORITY\SYSTEM  23/03/2023 12:00:00 AM    
              Update           KB           NT AUTHORITY\SYSTEM  23/03/2023 12:00:00 AM

 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...