Splunk Dev

Can I select specified fields with the Python SDK?

anshanno
Path Finder

I'd like to write a python script to select only certain fields such as the UI does (example below) and load them into a pandas dataframe.

[screenshot of the UI field selection not available]

1 Solution

jkat54
SplunkTrust

Yes, just use the fields command in your search string:

...|fields Action bug_id Host User

anshanno
Path Finder

Awesome, thank you so much! I wasn't able to find this in the documentation.

EDIT: is there a way to get rid of the extra garbage too? I am presuming something like ...|exclude fields yada yada?

Action,User,"b_Project",Host,"_bkt","_cd","_indextime","_kv","_raw","_serial","_si","_sourcetype","_subsecond","_time"


jkat54
SplunkTrust

It's ... | fields - thisOne thatOne

Minus removes, plus adds. Plus technically works too, if you need to add a blank field or if you just want to be verbose.

... | fields + Action bug_id Host User
is the same as
... | fields Action bug_id Host User
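Putting the two replies together as an added example (my own code, not from this thread or the Splunk SDK): it appends the "fields +" / "fields -" clauses to a search string and strips the internal underscore-prefixed columns from a CSV result set before handing rows to pandas. The SDK call in the comment and the "service" object are assumptions; the sample CSV is constructed from the header quoted above.

```python
import csv
import io
from typing import Dict, Iterable, List

# Internal fields Splunk returned alongside the requested ones in the
# CSV header quoted above; they are dropped unless explicitly kept.
INTERNAL_FIELDS = ["_bkt", "_cd", "_indextime", "_kv", "_raw", "_serial",
                   "_si", "_sourcetype", "_subsecond", "_time"]

# Constructed sample of a CSV export for such a search (one event).
SAMPLE_CSV = (
    "Action,User,b_Project,Host,_bkt,_cd,_indextime,_kv,_raw,_serial,"
    "_si,_sourcetype,_subsecond,_time\n"
    'update,alice,tracker,host01,main~1~A,1:7,1700000000,1,"raw text",0,'
    "idx01~main,bugs:log,.250,2023-11-14T22:13:20\n"
)


def build_search(base: str, keep: Iterable[str], drop: Iterable[str] = ()) -> str:
    """Append 'fields +' (keep only these) and 'fields -' (remove these) clauses."""
    keep, drop = [f for f in keep if f], [f for f in drop if f]
    spl = base.strip()
    if keep:
        spl += " | fields + " + " ".join(keep)
    if drop:
        spl += " | fields - " + " ".join(drop)
    return spl


def rows_without_internal(csv_text: str, keep: Iterable[str] = ()) -> List[Dict[str, str]]:
    """Parse a CSV result set and drop underscore-prefixed columns not in `keep`."""
    wanted = set(keep)
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        rows.append({k: v for k, v in row.items()
                     if k in wanted or not k.startswith("_")})
    return rows


if __name__ == "__main__":
    # Keep the four fields from the answer and remove the noise, but keep _time.
    query = build_search("search index=bugs", ["Action", "bug_id", "Host", "User"],
                         [f for f in INTERNAL_FIELDS if f != "_time"])
    print(query)
    # With a connected splunklib.client.Service (hypothetical `service`, not
    # executed here) the CSV text would come from:
    #   csv_text = service.jobs.oneshot(query, output_mode="csv").read().decode()
    # and pandas.DataFrame(rows_without_internal(csv_text, keep=["_time"]))
    # builds the dataframe.
    for row in rows_without_internal(SAMPLE_CSV, keep=["_time"]):
        print(row)
```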
