Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to read and extract table format logs in Splunk?

karthi2809
Builder
‎03-29-2023 10:03 PM

Thanks in Advance,

How to read and extract table format logs in splunk?

And i need DeviceID as field and with values as  same for all fields

 

3/29/23
4:56:34.000 AM
 
29-Mar-2023 04:56:34:PM: |Application Disk Space utilization %
DeviceID  VolumeName  FreeSpace (Gb)     Total (Gb)  FreePercent
 --------        ----------             --------------                ----------         -----------
C:                System              389.45                         475.14               81.97
P:                Offline                389.45                         475.14               81.97

 

3/29/23
4:56:34.000 AM
 
29-Mar-2023 04:56:34:PM: |Services Status in Server
Status         Name                   DisplayName    
------             ----                         -----------
Stopped     ALG                       Application Layer Gateway Service Running
Running       Appinfo               Application Information
 

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-29-2023 11:55 PM

Hi @karthi2809,

probably the solution could be kvform command (https://docs.splunk.com/Documentation/Splunk/9.0.4/SearchReference/Kvform).

Could you share some sample of your data?

Ciao.

Giuseppe

Reply

karthi2809
Builder
‎03-30-2023 12:00 AM

 

Hi @gcusello This is my log file and i onboarded data in splunk

 

29-Mar-2023 04:56:34:PM: |Services Status in Server

Status   Name               DisplayName                           
------   ----               -----------                           
Stopped  ALG                Application Layer Gateway Service     
Running  Appinfo            Application Information               


29-Mar-2023 04:56:34:PM: |Application Disk Space utilization %

DeviceID VolumeName FreeSpace (Gb) Total (Gb) FreePercent
-------- ---------- -------------- ---------- -----------
C:       System     389.45         475.14           81.97
P:       Offline    389.45         475.14           81.97


29-Mar-2023 04:56:34:PM: |Application Running Process Status

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName                                                                                                                          
-------  ------    -----      -----     ------     --  -- -----------                                                                                                                          
   1376      54   175332     238112   3,296.30   7516   4 Teams                                                                                                                                
   9558     194   510488     458660   2,687.58  16488   4 OUTLOOK                                                                                                                              
    926      47    46352      60284   1,959.77   2124   4 cptrayUI                                                                                                                             
   1312      48   232896     175384   1,427.73   2684   4 msedge                                                                                                                               
   3473     560   163948     282908   1,234.33  14368   4 msedge                                                                                                                               


29-Mar-2023 04:56:35:PM: |CPU Utilization %

Average
-------
     11


29-Mar-2023 04:56:36:PM: |Memory Utilization %

MemoryUsage %
-------------
61.44        


29-Mar-2023 04:56:36:PM: |Path Installed on System in Last 90 days

Source        Description      HotFixID      InstalledBy          InstalledOn               
------        -----------      --------      -----------          -----------               
              Update           KB           NT AUTHORITY\SYSTEM  16/02/2023 12:00:00 AM    
              Security Update  KB           NT AUTHORITY\SYSTEM  23/03/2023 12:00:00 AM    
              Update           KB           NT AUTHORITY\SYSTEM  23/03/2023 12:00:00 AM

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...