Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to read and extract table format logs in Splunk?

karthi2809
Builder
‎03-29-2023 10:03 PM

Thanks in Advance,

How to read and extract table format logs in splunk?

And i need DeviceID as field and with values as  same for all fields

 

3/29/23
4:56:34.000 AM
 
29-Mar-2023 04:56:34:PM: |Application Disk Space utilization %
DeviceID  VolumeName  FreeSpace (Gb)     Total (Gb)  FreePercent
 --------        ----------             --------------                ----------         -----------
C:                System              389.45                         475.14               81.97
P:                Offline                389.45                         475.14               81.97

 

3/29/23
4:56:34.000 AM
 
29-Mar-2023 04:56:34:PM: |Services Status in Server
Status         Name                   DisplayName    
------             ----                         -----------
Stopped     ALG                       Application Layer Gateway Service Running
Running       Appinfo               Application Information
 

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-29-2023 11:55 PM

Hi @karthi2809,

probably the solution could be kvform command (https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference/Kvform).

Could you share some sample of your data?

Ciao.

Giuseppe

Reply

karthi2809
Builder
‎03-30-2023 12:00 AM

 

Hi @gcusello This is my log file and i onboarded data in splunk

 

29-Mar-2023 04:56:34:PM: |Services Status in Server

Status   Name               DisplayName                           
------   ----               -----------                           
Stopped  ALG                Application Layer Gateway Service     
Running  Appinfo            Application Information               


29-Mar-2023 04:56:34:PM: |Application Disk Space utilization %

DeviceID VolumeName FreeSpace (Gb) Total (Gb) FreePercent
-------- ---------- -------------- ---------- -----------
C:       System     389.45         475.14           81.97
P:       Offline    389.45         475.14           81.97


29-Mar-2023 04:56:34:PM: |Application Running Process Status

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName                                                                                                                          
-------  ------    -----      -----     ------     --  -- -----------                                                                                                                          
   1376      54   175332     238112   3,296.30   7516   4 Teams                                                                                                                                
   9558     194   510488     458660   2,687.58  16488   4 OUTLOOK                                                                                                                              
    926      47    46352      60284   1,959.77   2124   4 cptrayUI                                                                                                                             
   1312      48   232896     175384   1,427.73   2684   4 msedge                                                                                                                               
   3473     560   163948     282908   1,234.33  14368   4 msedge                                                                                                                               


29-Mar-2023 04:56:35:PM: |CPU Utilization %

Average
-------
     11


29-Mar-2023 04:56:36:PM: |Memory Utilization %

MemoryUsage %
-------------
61.44        


29-Mar-2023 04:56:36:PM: |Path Installed on System in Last 90 days

Source        Description      HotFixID      InstalledBy          InstalledOn               
------        -----------      --------      -----------          -----------               
              Update           KB           NT AUTHORITY\SYSTEM  16/02/2023 12:00:00 AM    
              Security Update  KB           NT AUTHORITY\SYSTEM  23/03/2023 12:00:00 AM    
              Update           KB           NT AUTHORITY\SYSTEM  23/03/2023 12:00:00 AM

 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...