Dashboards & Visualizations

Creating a custom column in pivot table

ringbbg
Engager

HI All. I am trying to create a pivot table to display events happening in our network realtime.
On the Y axis, (Split Columns View), I want to add a field or data that count how many times has that particular event has happened in the set time frame, i.e. 24 hours. right now, since i am unable to do it, i just specied the column axis as "source" -> "list distinct values". just so I do not have an empty column. Can anyone help on how to do that? Thanks

| pivot Test2 Network_mon values(source) AS "Log Directory" SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message | sort 0 -_time

Tags (1)
0 Karma

rjthibod
Champion

How about this?

| pivot Test2 Network_mon count(Network_mon) as count SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message | sort 0 -_time
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...