Solved: Create a table from only certain fixed values

worldexplorer81 · ‎04-20-2020

Hi,

I have a search that returns hundreds of results. Each result contains a field called jobName and another field called server
I need to build a table with 2 columns from a fixed set of JobNames. However, if one of the JobName in my defined list is not found in the search result, I need to return 'Not found'

Table should look like:
JobName server
JobA Server1
JobB Server2
JobE Not found
JobX Server6

Can anyone please help on how to generate the output above?
Thanks

adonio · ‎04-20-2020

can you share a sample of your data?
try and look into the fillnull command
https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/Fillnull

... your search ... | fields jobName server | table jobName server | fillnull value="Not found" server

hope it helps

View solution in original post

adonio · ‎04-20-2020

can you share a sample of your data?
try and look into the fillnull command
https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/Fillnull

... your search ... | fields jobName server | table jobName server | fillnull value="Not found" server

hope it helps

worldexplorer81 · ‎04-21-2020

Thanks! The fillnull function works

Create a table from only certain fixed values

table

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?