Bring my research into a table with several predef...

carinahOliveira · ‎10-29-2021

Hi, splunkres! I have a search that returns several text fields and I would like to form a table with predefined rows and columns, how can I do this?

Here is an example from my research:

index=search
timeformat="%d-%m-%YT%H:%M:%S" earliest="26-10-2021T00:00:00" latest="26-10-2021T23:59:00"
| rex field=search "VPN-ANTIVIRUS-WIN:Mandatory:(?<campo1>.*?):"
| rex field=search ";VPN-ANTIVIRUS-RUN-WIN:Audit:(?<campo2>.*?):"

Format of the table I want to return:

Título	Campo	Status
linha1	titulo do campo	campo1
linha2	titulo do campo	campo2

And this way I can put as many lines as I want

ITWhisperer · ‎10-29-2021

Does this give what you need?

| table Título	Campo	Status

carinahOliveira · ‎10-29-2021

It doesn't give me what I want. I want a table with defined rows, because I want the fields one in each row.

ITWhisperer · ‎10-29-2021

How about this?

| table Título	Campo	Status
| transpose 0

carinahOliveira · ‎11-01-2021

This doesn't work, I believe I have to loop it through all the lines, but I can't find it

ITWhisperer · ‎11-01-2021

Can you share examples of the events you are working with and explain which part of the event should go into which part of the resulting table?

Bring my research into a table with several predefined rows Splunk

table

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

IM Landing Page Filter - Now Available

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud