Re: How to list field and their values?

truongvinh2112 · ‎08-11-2021

My log is formatted like this:

labels: {
       app: splunk-kubernetes-metrics
       app.kubernetes.io/managed-by: Helm
       chart: splunk-kubernetes-metrics-1.4.1
       engine: fluentd
       heritage: Helm
       release: splunk-monitor

How do I find a list of fields and their values? I want to list all the values in field labels.

Thanks!

codebuilder · ‎08-12-2021

Are you just trying to find out what fields are available?
If so you can simply run the following and look at the table or click on "events" to see all the fields.
(Use "head" to limit the results or choose a short time span with the time picker so that you dont get back the entire result set.)

index=your_index_name |head 100 |table *

----
An upvote would be appreciated and Accept Solution if it helps!

ITWhisperer · ‎08-11-2021

| extract
| rename labels.* as *

truongvinh2112 · ‎08-11-2021

I'm trying to build a K8s dashboard on Splunk. I tried your way but not working. Can you be more specific?

The image above is an example.

ITWhisperer · ‎08-11-2021

Sure. What do these images represent? What did you get when you tried my suggestion? Can you share the raw events in a code block </> so we can see what you are dealing with and try some tests?

How to list field and their values?

field extraction

stats

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?