Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to Modify the Table rows?

andres91302
Communicator
‎04-26-2021 03:01 PM

Hello People, how Do I modify the order in which a table is showing the rows? I have no intent in ordering in terms of columns values or in alphabetical order, I rather want to have the rows shown in a organize format for example mi table looks like

DETAIL  TOTAL

A                458

B                  45

C                12

How can I have my table to look like this:

DETAIL  TOTAL

B                  45

A                458

C                12

These results come from a stats command .. I have even tried to change the order in the stats command but  that did not work

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2021 07:45 AM

Could you not include the Mall opening date in the stats command then remove the column?

| makeresults
| eval _raw="Store,Mall,Count
B,2001,2
A,2002,5
C,2003,7"
| multikv forceheader=1
| fields - _* linecount 


| stats sum(Count) as Count by Mall, Store
| fields - Mall

View solution in original post

Reply
Solved! Jump to solution

andres91302
Communicator
‎04-27-2021 06:30 AM

Hello thanks, I want to organize the table tat I get from the stats command | stats count by DEPARTMENT in the order in which the shopping mall was built... I figured that if I add a number at the begining of the word I cound the organize the names of the deparment but my boss does not want that.. so my order does not hold "any logical" mean to splunk I just want a cartain deparment to be shown first that other in the table. thanks!

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2021 07:45 AM

Could you not include the Mall opening date in the stats command then remove the column?

| makeresults
| eval _raw="Store,Mall,Count
B,2001,2
A,2002,5
C,2003,7"
| multikv forceheader=1
| fields - _* linecount 


| stats sum(Count) as Count by Mall, Store
| fields - Mall
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-26-2021 03:52 PM

How do you want to "organize" the table if not by sorting? What criteria are you going to use to decide which comes first, second, etc?

0 Karma
Reply
Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...