- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Community,
I dealt with csv files before, splunk would auto extracted so many fields, shown as figure 1.
But today, when I try to search these files again, only fewer fields are displayed... shown as figure 2.
And the fields I exacted manually also didn't shown... I don't know why... Really need help~~
figure1:
Figure 2:
Thanks in advance~
BR.
Cecilia
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


Hi @cecilia_cheng1,
probably the second search was runned in Smart or Fast Mode, try in Verbose Mode and you'll have all the fields.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


Hi @cecilia_cheng1,
probably the second search was runned in Smart or Fast Mode, try in Verbose Mode and you'll have all the fields.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

Remember though that running searches in verbose mode is more resource-intensive because Splunk extracts all fields regardless of whether you need them or not.
It's often enough to run your search in fast mode but use "| fields + field1 field2 ..." to include the fields in the results. (the fields used in calculations within the processing pipeline are included automaticaly if I remember correctly).
