- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to make table in Splunk
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please provide different examples so that its very easy for us to understand.
explaining the example with eval command will be awarded.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Generate a table
To generate a table, write a search that includes a transforming command. From the Search page, run the search and select the Statistics tab to view and format the table.
You can use the table command in a search to specify the fields that the table includes or to change table column order.
Search examples
1) Transforming search
This search uses the chart transforming command.
index = _internal | chart avg(bytes) over sourcetype
2) Transforming search with the table command
This search generates a table with action, host, and count columns.
index = _internal | stats count by action, host
To change the columns that appear in the table or to change column order, add the table command to this search. For example, add | table host count to generate a table with only the host and count columns.
index = _internal | stats count by action, host | table host count
3) Using eval
| makeresults
| eval field_a ="My Value A", field_b ="Other Value B"
| table [|makeresults | eval search ="field_a field_b" | table search ]
Also, have a look at this table command reference doc there are many examples in this
https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Table
let me know if this helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello All,
Can you please help to make following type of tables using | makeresults command: -
| Column1 | Column2 |
| C1 | A,B,C |
| C2 | D,E,F,G |
| C3 | X |
| Column1 | Column2 |
| C1 | A |
| C1 | B |
| C1 | C |
| C2 | D |
| C2 | E |
| C2 | F |
| C2 | G |
| C3 | X |
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
| makeresults | eval column1= "c1",column2="A,B,C"
|append[| makeresults | eval column1= "c2",column2="D,E,F,G"]
|append[| makeresults | eval column1= "c3",column2="X"]
| fields - _time
You can try like this.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you, it worked successfully.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Generate a table
To generate a table, write a search that includes a transforming command. From the Search page, run the search and select the Statistics tab to view and format the table.
You can use the table command in a search to specify the fields that the table includes or to change table column order.
Search examples
1) Transforming search
This search uses the chart transforming command.
index = _internal | chart avg(bytes) over sourcetype
2) Transforming search with the table command
This search generates a table with action, host, and count columns.
index = _internal | stats count by action, host
To change the columns that appear in the table or to change column order, add the table command to this search. For example, add | table host count to generate a table with only the host and count columns.
index = _internal | stats count by action, host | table host count
3) Using eval
| makeresults
| eval field_a ="My Value A", field_b ="Other Value B"
| table [|makeresults | eval search ="field_a field_b" | table search ]
Also, have a look at this table command reference doc there are many examples in this
https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Table
let me know if this helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks for your answer
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
