Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Table wont show on search

jacksonchandler
Engager
‎07-17-2024 09:14 PM

Hi,

Im trying to collate URL domain names of users who visit websites over the course of 24 hours. It pulls the right data but it wont table and im not sure how to fix it.  Im using URL Toolbox to parse the domain out. 

index="##" eventtype=pan $user$ hoursago=24
| eval list="mozilla"
| `ut_parse_extended(url,list)`
| stats count by ut_domain_without_tld
| table ut_domain_without_tld count

Im fairly new to splunk so any help is appreciated.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-17-2024 10:43 PM

Hi @jacksonchandler ,

let me understand:

if you run the search without the last row (the table command) does ir run and does you have results?

if yes, remove the last row, also because you don't need it.

if not, run the search without the last two rows and check if the field ut_domain_without_tld is present.

Could you share the content of the macro?

if you use <CTRL><SHIFT>E on the search with the macro, you can have the full search (without macro) displayed in a window.

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

jacksonchandler
Engager
‎07-17-2024 10:57 PM

Thanks Guiseppe. I solved it myself with your advice - data was there but wasnt showing as a table because my dashboard wasnt configured to do that - was to be shown as a list. Changed that and worked!

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-17-2024 11:08 PM

Hi @jacksonchandler ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-17-2024 10:43 PM

Hi @jacksonchandler ,

let me understand:

if you run the search without the last row (the table command) does ir run and does you have results?

if yes, remove the last row, also because you don't need it.

if not, run the search without the last two rows and check if the field ut_domain_without_tld is present.

Could you share the content of the macro?

if you use <CTRL><SHIFT>E on the search with the macro, you can have the full search (without macro) displayed in a window.

Ciao.

Giuseppe

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...