Solved: Formatting the report / table

RashmiGowda · ‎03-28-2014

Hello

M trying to generate the report by using the below query:-

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date

My result is in the below format : _time, Date, Time, Host

In result m getting the default _time column also. how to eliminate this _time column from the result..??

Also i need the report format as Date, Time, Host1 but the generated report file(csv) in mail has _time, Host Date Time..

how to format this..?/
Please help me out..??

somesoni2 · ‎03-28-2014

Try this

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date | fields - _time | table Date, Time, *

View solution in original post

somesoni2 · ‎03-28-2014

Try this

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date | fields - _time | table Date, Time, *

Formatting the report / table

Shape the Future of Splunk: Join the Product Research Lab!

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Are you a member of the Splunk Community?

Formatting the report / table

Shape the Future of Splunk: Join the Product Research Lab!

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions