Solved: Re: Formatting the report / table

RashmiGowda · ‎03-28-2014

Hello

M trying to generate the report by using the below query:-

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date

My result is in the below format : _time, Date, Time, Host

In result m getting the default _time column also. how to eliminate this _time column from the result..??

Also i need the report format as Date, Time, Host1 but the generated report file(csv) in mail has _time, Host Date Time..

how to format this..?/
Please help me out..??

somesoni2 · ‎03-28-2014

Try this

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date | fields - _time | table Date, Time, *

View solution in original post

somesoni2 · ‎03-28-2014

Try this

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date | fields - _time | table Date, Time, *

Formatting the report / table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation