I have a dotnet application logging template-formatted log messages with the Serilog library, and since everything is in JSON format, they are great for filtering my results when I know the fields to use, but I am having a hard time just reading logs when I don't know the fields available.

So, for example, the application might log things like:

Log.Information("Just got a request {request} in endpoint {endpoint} with {httpMethod}", request, endpoint, httpMethod);

And in Splunk I will see something like:

{
"msg": {
"@mt": "Just got a request {request} in endpoint {endpoint} with {httpMethod}",
"@sp": "11111",
"request": "some_data",
"endpoint": "some_url",
"httpMethod": "POST"
}
}

So this is awesome for creating Splunk queries using msg.request or msg.endpoint, but since the application logs pretty much everything using these message templates from Serilog, when I am just doing investigations, I have a hard time making readable results because everything is hidden behind a placeholder.

I am trying to achieve something like this in Splunk Search:

<some_guid> index=some_index | table _time msg.@mt

And of course the msg.@mt will just give me the log line with the placeholders, but how can I just bring back the full log line in the table with the actual values?