Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to Modify the Table rows?

andres91302
Communicator
‎04-26-2021 03:01 PM

Hello People, how Do I modify the order in which a table is showing the rows? I have no intent in ordering in terms of columns values or in alphabetical order, I rather want to have the rows shown in a organize format for example mi table looks like

DETAIL  TOTAL

A                458

B                  45

C                12

How can I have my table to look like this:

DETAIL  TOTAL

B                  45

A                458

C                12

These results come from a stats command .. I have even tried to change the order in the stats command but  that did not work

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2021 07:45 AM

Could you not include the Mall opening date in the stats command then remove the column?

| makeresults
| eval _raw="Store,Mall,Count
B,2001,2
A,2002,5
C,2003,7"
| multikv forceheader=1
| fields - _* linecount 


| stats sum(Count) as Count by Mall, Store
| fields - Mall

View solution in original post

Reply
Solved! Jump to solution

andres91302
Communicator
‎04-27-2021 06:30 AM

Hello thanks, I want to organize the table tat I get from the stats command | stats count by DEPARTMENT in the order in which the shopping mall was built... I figured that if I add a number at the begining of the word I cound the organize the names of the deparment but my boss does not want that.. so my order does not hold "any logical" mean to splunk I just want a cartain deparment to be shown first that other in the table. thanks!

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2021 07:45 AM

Could you not include the Mall opening date in the stats command then remove the column?

| makeresults
| eval _raw="Store,Mall,Count
B,2001,2
A,2002,5
C,2003,7"
| multikv forceheader=1
| fields - _* linecount 


| stats sum(Count) as Count by Mall, Store
| fields - Mall
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-26-2021 03:52 PM

How do you want to "organize" the table if not by sorting? What criteria are you going to use to decide which comes first, second, etc?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Mile High Learning with Splunk University, Denver, Colorado

If Denver is known for its mile-high elevation, Splunk University is about to raise the bar on technical ...

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

We are excited to announce the June release of Splunk IT Service Intelligence (ITSI) 5.0. This update ...

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...