List all fields for an index

A few different queries / methods to list all fields for indexes.

index=yourindex| fieldsummary | table field

or

index=yourindex | stats values(*) AS * | transpose | table column | rename column AS Fieldnames

or

index=yourindex | stats dc() as * | transpose

or ;-)

index=yourindex | table *

Share This:

Tagged: fields helpful hints

Comments

Greg Smith January 19, 2022 at 11:23 am

index=your_index
| fieldsummary
| fields field values

Reply
1. splunk-pony December 1, 2022 at 3:46 pm
  
  It may just be on my instance but when using the fieldsummary command, the distinct count of values returned truncates to 500. There may be a limit configuration adjustment somewhere that would accommodate this.
  
  Reply

Leave A Comment? Click here to cancel reply.

Newest | Active

banshee

Active 8 hours, 15 minutes ago
Яромир

Active 13 hours, 58 minutes ago
Борис

Active 1 day, 2 hours ago
Sanjai

Active 6 days, 17 hours ago
bewafaha

Active 1 week, 2 days ago