Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Output only specific field values to CLI

jones4bob
Explorer
‎06-23-2010 04:59 PM

I'm trying to pull data from the CLI to pipe to awk to pipe to ... I can't seem to find the correct syntax to say, for example, just pull a single field from a record, rather than pulling everything in each event. Older examples seem to indicate that I can pipe the search to 'fields + field1 field2' but this still only produces the entire event information. What am I missing?

Tags (2)
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎06-23-2010 08:59 PM

you can also use the table search command instead of fields.

Reply

swdonline
Path Finder
‎03-30-2012 12:23 PM

Interestingly, in 4.3.1, when I use this for the cli (which works fine in the GUI):
table a b c d e
I get these results:
a d e b c
Why would table return fields in a different order from the CLI?

0 Karma
Reply

jones4bob
Explorer
‎06-23-2010 05:52 PM

I think I've found what I was looking for.

The syntax for pulling specific fields appears to need to work like this: fields field1 field2 | fields - _*

It looks like that last pipe to fields is needed to remove the remainder of the fields from the search result. This worked for me and produced the desired output for awk to process.

Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...