Hello,
I want to display only the specified field(s) of the logs in the results display.
Using:
*|fields + ProductName
Instead of displaying only the ProductName field,
Splunk displays the whole log.
Is there something wrong with the search string I keyed in?
Or did I grasp the concept of the fields function wrongly?
Thanks in advance.
The fields command only controls which fields should be available from a search, for use by other commands. To show your search results as a list of fields in tabular format, use table. Like this:
... | table ProductName
Thanks, it really helps a lot.