Solved: How to return more than 10 columns in a table sear...

thomas_forbes · ‎08-27-2015

I have a search that searches for Windows Security Event IDs and displays the results in a table format. The maximum number of columns seems to be only 10, but in reality I am returning 15 to 20 columns (Event IDs) depending on what type of search I am running. I would like to increase the number of columns I can display to match the number of Event IDs that are returned from my original search.

somesoni2 · ‎08-27-2015

If you're using chart OR timechart to display your data in table, try to include "limit=0" with chart/timechart. Something like this

your base search | timechart count by sourcetype limit=0

View solution in original post

somesoni2 · ‎08-27-2015

If you're using chart OR timechart to display your data in table, try to include "limit=0" with chart/timechart. Something like this

your base search | timechart count by sourcetype limit=0

thomas_forbes · ‎08-27-2015

Hey somesoni2, that worked like a charm. I thought it was something simple. Thanks again for the help.

Tom

thomas_forbes · ‎08-27-2015

Hey somesoni2, that worked like a charm. I thought it was something simple. Thanks again for the help.

Tom

How to return more than 10 columns in a table search result?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio