Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to Modify the Table rows?

andres91302
Communicator
‎04-26-2021 03:01 PM

Hello People, how Do I modify the order in which a table is showing the rows? I have no intent in ordering in terms of columns values or in alphabetical order, I rather want to have the rows shown in a organize format for example mi table looks like

DETAIL  TOTAL

A                458

B                  45

C                12

How can I have my table to look like this:

DETAIL  TOTAL

B                  45

A                458

C                12

These results come from a stats command .. I have even tried to change the order in the stats command but  that did not work

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2021 07:45 AM

Could you not include the Mall opening date in the stats command then remove the column?

| makeresults
| eval _raw="Store,Mall,Count
B,2001,2
A,2002,5
C,2003,7"
| multikv forceheader=1
| fields - _* linecount 


| stats sum(Count) as Count by Mall, Store
| fields - Mall

View solution in original post

Reply
Solved! Jump to solution

andres91302
Communicator
‎04-27-2021 06:30 AM

Hello thanks, I want to organize the table tat I get from the stats command | stats count by DEPARTMENT in the order in which the shopping mall was built... I figured that if I add a number at the begining of the word I cound the organize the names of the deparment but my boss does not want that.. so my order does not hold "any logical" mean to splunk I just want a cartain deparment to be shown first that other in the table. thanks!

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2021 07:45 AM

Could you not include the Mall opening date in the stats command then remove the column?

| makeresults
| eval _raw="Store,Mall,Count
B,2001,2
A,2002,5
C,2003,7"
| multikv forceheader=1
| fields - _* linecount 


| stats sum(Count) as Count by Mall, Store
| fields - Mall
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-26-2021 03:52 PM

How do you want to "organize" the table if not by sorting? What criteria are you going to use to decide which comes first, second, etc?

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...