Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Table creation without extraction fields

aurora5
Explorer
‎06-01-2021 09:03 PM

Hi Everyone,

Please help me with my below query.

Sample Logs:-

aurora5_2-1622606366701.png

 

I want my table to look like as below-

aurora5_3-1622606423057.png

Thank you in advance!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aurora5
Explorer
‎06-02-2021 01:51 AM

Thank you for your quick response. It works now

View solution in original post

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎06-01-2021 11:00 PM

Hi

you could try this

....
| rex "Engine (?<ApplicationName>[^\s]+) (started|terminating)"
| stats earliest(_time) as StartDate latest(_time) as EndDate by ApplicationName

This assume that there is only one start and end for any application. If there is more then you need to update this or use eg. transaction command. The depends on your data and how much you have it.

r. Ismo 

0 Karma
Reply
Solved! Jump to solution
Solution

aurora5
Explorer
‎06-02-2021 01:51 AM

Thank you for your quick response. It works now

0 Karma
Reply
Solved! Jump to solution

aurora5
Explorer
‎06-01-2021 10:48 PM

aurora5_0-1622612489489.png

 

0 Karma
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎06-01-2021 10:28 PM
@aurora5
Can you please share _raw sample logs?
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...