Any way to align a long field value?

rkaakaty · ‎06-22-2017

When I insert my search query, both fields solution, and description, are displayed in a very long string, where the user has to scroll accross to read it all. Is there a way to make it look better?

Here is my code:

index=nessus cve=* | eval CVSS_SCORE =
cvss_base_score + cvss_temporal_score
| rename id as ID, cve as CVE,
plugin_name as Plugin_Name,
description as Description, solution
as Solution | table ID, Plugin_Name,
Description, CVE, Solution, CVSS_SCORE
| sort - CVSS_SCORE

Thank you

gcusello · ‎06-22-2017

Hi rkaakaty,
which browser are you using? on my Chrome if I have few fields with two long fields (like you) the two long fields are displayed on more rows!
every way, you could to cut your long fields taking the first (e.g.) 50 chars using eval:

index=nessus cve=* 
| eval CVSS_SCORE =cvss_base_score + cvss_temporal_score, description=substr(description,1,50),  solution=substr(solution,1,50)
| rename id as ID, cve as CVE, plugin_name as Plugin_Name,description as Description, solution as Solution 
| table ID, Plugin_Name, Description, CVE, Solution, CVSS_SCORE
| sort - CVSS_SCORE

Bye.
Giuseppe

rkaakaty · ‎06-22-2017

@cusello I am using chrome, and I didn't like leaving off the info, I just wish there was a way to make the test hit enter so it looks like this:

For example:

This is what my text looks like

This is what
I want my text
To look like

richgalloway · ‎06-22-2017

I've used Firefox and Chrome. Both browsers automatically wrap text to fit within a table column. Horizontal scrolling is only needed when there are too many columns to fit in the window.

---
If this reply helps you, Karma would be appreciated.

Any way to align a long field value?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life