Solved: Formatting the report / table

RashmiGowda · ‎03-28-2014

Hello

M trying to generate the report by using the below query:-

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date

My result is in the below format : _time, Date, Time, Host

In result m getting the default _time column also. how to eliminate this _time column from the result..??

Also i need the report format as Date, Time, Host1 but the generated report file(csv) in mail has _time, Host Date Time..

how to format this..?/
Please help me out..??

somesoni2 · ‎03-28-2014

Try this

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date | fields - _time | table Date, Time, *

View solution in original post

somesoni2 · ‎03-28-2014

Try this

index="xyz" source="abc" | timechart span=1h count as Transactions by host | eval Time=strftime(_time, "%H:%M") | convert timeformat="%m-%d-%y" ctime(_time) as Date | fields - _time | table Date, Time, *

Formatting the report / table

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

From GPU to Application: Monitoring Cisco AI Infrastructure with Splunk Observability ...

Application management with Targeted Application Install for Victoria Experience

Join the Conversation

Formatting the report / table

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

From GPU to Application: Monitoring Cisco AI Infrastructure with Splunk Observability ...

Application management with Targeted Application Install for Victoria Experience