Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to Modify the Table rows?

andres91302
Communicator
‎04-26-2021 03:01 PM

Hello People, how Do I modify the order in which a table is showing the rows? I have no intent in ordering in terms of columns values or in alphabetical order, I rather want to have the rows shown in a organize format for example mi table looks like

DETAIL  TOTAL

A                458

B                  45

C                12

How can I have my table to look like this:

DETAIL  TOTAL

B                  45

A                458

C                12

These results come from a stats command .. I have even tried to change the order in the stats command but  that did not work

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2021 07:45 AM

Could you not include the Mall opening date in the stats command then remove the column?

| makeresults
| eval _raw="Store,Mall,Count
B,2001,2
A,2002,5
C,2003,7"
| multikv forceheader=1
| fields - _* linecount 


| stats sum(Count) as Count by Mall, Store
| fields - Mall

View solution in original post

Reply
Solved! Jump to solution

andres91302
Communicator
‎04-27-2021 06:30 AM

Hello thanks, I want to organize the table tat I get from the stats command | stats count by DEPARTMENT in the order in which the shopping mall was built... I figured that if I add a number at the begining of the word I cound the organize the names of the deparment but my boss does not want that.. so my order does not hold "any logical" mean to splunk I just want a cartain deparment to be shown first that other in the table. thanks!

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2021 07:45 AM

Could you not include the Mall opening date in the stats command then remove the column?

| makeresults
| eval _raw="Store,Mall,Count
B,2001,2
A,2002,5
C,2003,7"
| multikv forceheader=1
| fields - _* linecount 


| stats sum(Count) as Count by Mall, Store
| fields - Mall
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-26-2021 03:52 PM

How do you want to "organize" the table if not by sorting? What criteria are you going to use to decide which comes first, second, etc?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...