How to display a table row that expands with more ...

splunkrocks2014 · ‎04-17-2017

I wonder if Splunk is able to display a table statistic with the following layout. Does anyone know? Thanks

Category                                  Findings
=======                                   ========
OS                                        100
     Windows                              50
          Browser                         50
             IE                           10
             Chrome                       40
     UNIX                                 50
Total                                     100

jpolcari · ‎04-17-2017

Yes, you can. If you use addtotals you are able to specify a totals row. You would want to use something like:

| rest of search | table Category Findings | addtotals row=f col=t labelfield=Category Findings

splunkrocks2014 · ‎04-18-2017

Hi jpolcari, my bad, I didn't describe properly. The "category" is a makeup field. OS and Browser are the field names. If put them into a table, it looks like the following:

OS                            Browser                       Findings
=====                      ===========              ============
Windows                 IE                                   finding_01
Windows                 IE                                   finding_02
Windows                 Chrome                        finding_03
UNIX                                                               finding_04
...

How to display a table row that expands with more than one level?

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...