- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to display search results of a query in a tabl...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
1.Basic Search Criteria index=Logs_idx Cricket HOST=India "Top 10 Overs Average"
2. Now I am creating a table out of the results obtained.
table Player _time StrikeRate Score
3. Want to also display the results or raw events obtained by search in table.
Current Query : index=Logs_idx Cricket HOST=India "Top 10 Overs Average"
| table Player _time StrikeRate Score
Want to add subsearch.
Tried writing query like this
index=Logs_idx Cricket HOST=India "Top 10 Overs Average"
| table Player _time StrikeRate Score [search = index=Logs_idx Cricket HOST=India "Top 10 Overs Average" ]
| table Player _time StrikeRate Score
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Do you want to display the raw events in the table? Normally, _raw field has the raw event. See if following query helps:
index=Logs_idx Cricket HOST=India "Top 10 Overs Average"
| table Player _time StrikeRate Score _raw
Thanks!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Do you want to display the raw events in the table? Normally, _raw field has the raw event. See if following query helps:
index=Logs_idx Cricket HOST=India "Top 10 Overs Average"
| table Player _time StrikeRate Score _raw
Thanks!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks it worked !!!
Would you also be able to suggest the way how this can be done using a subsearch.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Subsearch has a limit. If you are looking at large data set (events more thant 50,000), then subsearch will not work. Any specific reason why you want to use subsearch?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Thanks for replying..
Actually i have another dashboard in which i am searching the logs for a set of pattern.
Query:
index=cricket_idx |rex field=_raw max_match=0 "{\d.\d\,player\,.*?(?P<STATUS>)\,(?P<RESPONSE>\d+)" |stats count by STATUS,RESPONSE,_time |search STATUS="S" | timechart avg(RESPONSE) as RESPONSE |eval 30DayAvg=250
I am running the above query multiple times for different "player". And its taking long time. So i was wondering, if I could write a main query and then extract the values for each panel based on "player" name.
Kindly advise.
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
