Dashboards & Visualizations

How to remove a column and replace it with another?

taylorl
Explorer

Hi,

I wish to remove a column and replace it with one that has better information. Its a Dashboard recommended view.

Tags (2)
0 Karma
1 Solution

wpreston
Motivator

Something like this?

source="wineventlog:*" NOT type=information | table _time Source Type

View solution in original post

wpreston
Motivator

Something like this?

source="wineventlog:*" NOT type=information | table _time Source Type

taylorl
Explorer

Thank you so much! That's pointed me in the direction I needed.

0 Karma

taylorl
Explorer

Search code listed below:

source="wineventlog:*" type NOT information

There is a type value that is indexed as I can search on it.

0 Karma

strive
Influencer

Can you post your search here? Do you have Type field in your index OR evaluated field before you display as table.

Suppose if you have Type in your index, you can do this

Your Base Search...| table Time Source Type

Suppose if you are evaluating Type field then

Your Base Search ..| eval Type = YOUR EVAL EXPRESSION | table Time Source Type

If you provide more details then we can help you write the search as you need

taylorl
Explorer

Sorry I thought I added an image but must have forgot to. In fact I just tried now and it says I need more karma to do so.

Well I will try explain it here this is how it currently looks

Time Source SourceType

10:00am / Application / Application

I want it to look like this:

Time Source Type

10:00am / Application / Warning

Minus the / of course I used them to seperate the columns

0 Karma

linu1988
Champion

more info please.

Use | table col1,col2,....

or

fields -col1 to remove column

or fields +col1 to add column

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...