From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
fields command - Splunk Tutorial
fields command
So now that we have already discussed the search language syntax and pipeline, let's see how we can apply some commands to the data that we retrieve from our index. We are going to discuss different types of commands, and then you're going to see what those commands can do on your data. We're going to start here by looking at the fields command.

The fields command is a command that you can use to filter the list of fields displayed in search results. So when you use the fields command this way, as in fields action, clientip, categoryId, JSESSIONID, you are saying that we should only retrieve four fields when getting our results from the index. In this case, on the fields sidebar under Interesting Fields, you are going to see that only those four fields are displayed for each event. Now, the internal fields that we saw before, like _raw and _time, are always going to be returned because you want to make sure that you have the…