Dear All,
We have encountered one problem.
We designed a script to find out where the result is.
20110112_182817 result_fl = /opt/splunk/var/run/splunk/dispatch/scheduler_owenchuang_search_Q1BFLUFTQ0NfU05NUC1UUkFQLUxJTkstRE9XTi10ZXN0XzExMV8x_at_1294828080_948519812/results.csv.gz
The result is as below, but there are some fields beginning with "_mv":
"Date_time_2",NeName,"family_type_detail",iFName,"__mv_Date_time_2","__mv_NeName","__mv_family_type_detail","__mv_iFName"
"Jan 12 00:58:50","ASCC-HKBR0: 202.169.111.249","SNMP_TRAP_LINK_DOWN","so-3/0/0.6",,,,
"Jan 12 00:58:50","ASCC-HKBR0: 202.169.111.249","SNMP_TRAP_LINK_DOWN","so-3/0/0.0",,,,
"Jan 12 00:58:50","ASCC-JPBR0: 202.169.111.250","SNMP_TRAP_LINK_DOWN","so-4/2/0",,,,
We have tried "* | fields -_" and also " | fields - _mv*",
but it's not working.
If we ask Splunk to just show the fields we want, and ignore the fields we don't want,
why are some fields still coming out?
Is there any solution so that we can remove the fields we do not want?
Then we can put the correct result into our alarm system.
Thanks for any suggestions.
Anthony
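
An added example, not part of the original post: one way for the alert script itself to drop the `__mv_`-prefixed columns when it reads `results.csv.gz`, before the rows go to the alarm system. It assumes the script can post-process the file in Python; the function names are hypothetical and the sample data is built from the rows quoted in the post.

```python
import csv
import gzip
import io

MV_PREFIX = "__mv_"  # prefix of the unwanted columns seen in the posted header

# Sample input constructed from the header and rows quoted in the post.
SAMPLE_CSV = (
    '"Date_time_2",NeName,"family_type_detail",iFName,"__mv_Date_time_2",'
    '"__mv_NeName","__mv_family_type_detail","__mv_iFName"\n'
    '"Jan 12 00:58:50","ASCC-HKBR0: 202.169.111.249","SNMP_TRAP_LINK_DOWN","so-3/0/0.6",,,,\n'
    '"Jan 12 00:58:50","ASCC-HKBR0: 202.169.111.249","SNMP_TRAP_LINK_DOWN","so-3/0/0.0",,,,\n'
    '"Jan 12 00:58:50","ASCC-JPBR0: 202.169.111.250","SNMP_TRAP_LINK_DOWN","so-4/2/0",,,,\n'
)


def sample_gz():
    """Return the constructed sample as an in-memory gzip file object."""
    return io.BytesIO(gzip.compress(SAMPLE_CSV.encode("utf-8")))


def strip_mv_columns(rows):
    """Yield each row with the columns whose header starts with MV_PREFIX removed."""
    rows = iter(rows)
    header = next(rows, None)
    if header is None:  # empty result file: nothing to yield
        return
    keep = [i for i, name in enumerate(header) if not name.startswith(MV_PREFIX)]
    yield [header[i] for i in keep]
    for row in rows:
        # Tolerate rows shorter than the header by padding with empty strings.
        yield [row[i] if i < len(row) else "" for i in keep]


def clean_results(path_or_file):
    """Read a gzip-compressed CSV (path or file object) into a list of dicts."""
    with gzip.open(path_or_file, "rt", newline="", encoding="utf-8") as fh:
        cleaned = list(strip_mv_columns(csv.reader(fh)))
    if not cleaned:
        return []
    header, *data = cleaned
    return [dict(zip(header, row)) for row in data]


if __name__ == "__main__":
    for event in clean_results(sample_gz()):
        print(event)
```
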