https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391129#M113863 <P>Hi all<BR /> I have read the documentation and tested for hours but I am somehow not grasping how searching works.</P> <P>I have 7000 events with multiple fields. I would like to display a table with one column called FieldA and populate the table with the value of FIELDA for every event where FIELDB = 00.000</P> <P>Examples of the things I have tried:</P> <PRE><CODE>index=index FIELDA | table FieldA | FIELDB=00.000 index=index FIELDA where FIELDB=00.000 AS FieldA by index </CODE></PRE> <P>Any feedback or advice on how to achieve what i am trying to do would be much appreciated. The amount of Splunk documentation is a bit overwhelming.</P> <P>Thank you!!!</P> Thu, 21 Jun 2018 10:04:16 GMT rayleadingham 2018-06-21T10:04:16Z https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391129#M113863 <P>Hi all<BR /> I have read the documentation and tested for hours but I am somehow not grasping how searching works.</P> <P>I have 7000 events with multiple fields. I would like to display a table with one column called FieldA and populate the table with the value of FIELDA for every event where FIELDB = 00.000</P> <P>Examples of the things I have tried:</P> <PRE><CODE>index=index FIELDA | table FieldA | FIELDB=00.000 index=index FIELDA where FIELDB=00.000 AS FieldA by index </CODE></PRE> <P>Any feedback or advice on how to achieve what i am trying to do would be much appreciated. The amount of Splunk documentation is a bit overwhelming.</P> <P>Thank you!!!</P> Thu, 21 Jun 2018 10:04:16 GMT https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391129#M113863 rayleadingham 2018-06-21T10:04:16Z https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391130#M113864 <P>Hey@rayleadingham,</P> <P>You can try this:<BR /> index=index | table FieldA FieldB | where FieldB="00.000"</P> <P>Let me know if this helps!!</P> Thu, 21 Jun 2018 11:34:03 GMT https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391130#M113864 deepashri_123 2018-06-21T11:34:03Z https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391131#M113865 <P>@deepashri, I think right way would be to get only required events from index</P> <PRE><CODE>index=index FieldB="00.000" | table FieldA FieldB </CODE></PRE> Thu, 21 Jun 2018 11:40:35 GMT https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391131#M113865 niketn 2018-06-21T11:40:35Z https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391132#M113866 <P>Your first attempt is close, but once you apply <CODE>| table FieldA</CODE>, that is the only field you have, so you can't then filter for <CODE>FieldB</CODE> anymore. So you need to first do the filtering and then apply the <CODE>table</CODE> command to only show FieldA.</P> <PRE><CODE>index=index FIELDB="00.000" | table FieldA </CODE></PRE> Thu, 21 Jun 2018 11:42:04 GMT https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391132#M113866 FrankVl 2018-06-21T11:42:04Z https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391133#M113867 <P>This is excellent, simple and exactly what I was looking for!</P> <P>Thank you! </P> Thu, 21 Jun 2018 11:47:36 GMT https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391133#M113867 rayleadingham 2018-06-21T11:47:36Z https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391134#M113868 <P>Thank you for your comments and suggestions, this works exactly like the answer that was written.</P> <P>Great help and much appreciated!</P> Thu, 21 Jun 2018 11:49:13 GMT https://community.splunk.com/t5/Splunk-Search/How-to-show-a-table-listing-FIELDA-values-when-FIELDB-equals-00/m-p/391134#M113868 rayleadingham 2018-06-21T11:49:13Z