Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Output only specific field values to CLI

jones4bob
Explorer
‎06-23-2010 04:59 PM

I'm trying to pull data from the CLI to pipe to awk to pipe to ... I can't seem to find the correct syntax to say, for example, just pull a single field from a record, rather than pulling everything in each event. Older examples seem to indicate that I can pipe the search to 'fields + field1 field2' but this still only produces the entire event information. What am I missing?

Tags (2)
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎06-23-2010 08:59 PM

you can also use the table search command instead of fields.

Reply

swdonline
Path Finder
‎03-30-2012 12:23 PM

Interestingly, in 4.3.1, when I use this for the cli (which works fine in the GUI):
table a b c d e
I get these results:
a d e b c
Why would table return fields in a different order from the CLI?

0 Karma
Reply

jones4bob
Explorer
‎06-23-2010 05:52 PM

I think I've found what I was looking for.

The syntax for pulling specific fields appears to need to work like this: fields field1 field2 | fields - _*

It looks like that last pipe to fields is needed to remove the remainder of the fields from the search result. This worked for me and produced the desired output for awk to process.

Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...