Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can we decide to not show fields ?

magilbert1
Explorer
‎01-22-2019 11:40 AM

I have a log file date which is split on different fields ( date_hour, date_second, date_hour etc...)

Can i decide to only display : date_year,date_month, date_wday for example ?

Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-22-2019 12:01 PM

Use the fields or table command to tell Splunk which fields to display. The fields command is typically used within a query to reduce the number of fields being processed. The table command is usually used at the end of a query to display results.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

dkeck
Influencer
‎01-22-2019 11:59 AM

Hi,

sounds like the default datetime fields from splunk, why do you want to discard them?

These fields are exracted from _time

0 Karma
Reply

magilbert1
Explorer
‎01-22-2019 12:03 PM

Because it's the only thing that change from a line to an other. So i don't need duplicate line in my table. I only one the message one time.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...