All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ODTS For Splunk Custom Table

sdyawg
Engager
‎07-02-2018 01:09 PM

I'm utilizing a data set of vulnerabilities that I need to show in a table in my report, it looks like ODTS app is perfect for what I need, however I am having trouble populating the fields of a custom table using the "dump_two_tables.odt" report template.

My search string is something like:

index=vulns ip=192.168.1.1 | table ip, cve, severity | eval table="table_176" | append [search index=solutions ip=192.168.1.1 | table cve, solution | eval table="table_176solution"] | docgen -key=table -tfile=dump_two_tables.odt

I've modified the table and comments in the template with:

"do row for event in table_176" and "do row for event in table_176solution" in the comments
event['ip'] event['cve'] event['severity'] event['solution'] in the table

My results are two tables with what appear to be the correct number of rows, but filled with the "event['ip']" strings from the template rather than the field information from my search. What am I missing? It seems like I'm this close to having it exactly how I envision it

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...