Creating a custom column in pivot table

ringbbg · ‎01-31-2017

HI All. I am trying to create a pivot table to display events happening in our network realtime.
On the Y axis, (Split Columns View), I want to add a field or data that count how many times has that particular event has happened in the set time frame, i.e. 24 hours. right now, since i am unable to do it, i just specied the column axis as "source" -> "list distinct values". just so I do not have an empty column. Can anyone help on how to do that? Thanks

| pivot Test2 Network_mon values(source) AS "Log Directory" SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message | sort 0 -_time

rjthibod · ‎02-01-2017

How about this?

| pivot Test2 Network_mon count(Network_mon) as count SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message | sort 0 -_time

Creating a custom column in pivot table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation

Creating a custom column in pivot table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...