Solved: How to remove a column and replace it with another...

taylorl · ‎07-30-2014

Hi,

I wish to remove a column and replace it with one that has better information. Its a Dashboard recommended view.

wpreston · ‎07-31-2014

Something like this?

source="wineventlog:*" NOT type=information | table _time Source Type

wpreston · ‎07-31-2014

Something like this?

source="wineventlog:*" NOT type=information | table _time Source Type

taylorl · ‎07-31-2014

Thank you so much! That's pointed me in the direction I needed.

taylorl · ‎07-31-2014

Search code listed below:

source="wineventlog:*" type NOT information

There is a type value that is indexed as I can search on it.

strive · ‎07-31-2014

Can you post your search here? Do you have Type field in your index OR evaluated field before you display as table.

Suppose if you have Type in your index, you can do this

Your Base Search...| table Time Source Type

Suppose if you are evaluating Type field then

Your Base Search ..| eval Type = YOUR EVAL EXPRESSION | table Time Source Type

If you provide more details then we can help you write the search as you need

taylorl · ‎07-31-2014

Sorry I thought I added an image but must have forgot to. In fact I just tried now and it says I need more karma to do so.

Well I will try explain it here this is how it currently looks

Time Source SourceType

10:00am / Application / Application

I want it to look like this:

Time Source Type

10:00am / Application / Warning

Minus the / of course I used them to seperate the columns

linu1988 · ‎07-30-2014

more info please.

Use | table col1,col2,....

or

fields -col1 to remove column

or fields +col1 to add column

How to remove a column and replace it with another?