Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Customize table- How to display the output in a table format?

Vani_26
Path Finder
‎11-03-2022 01:05 PM

I want to display the output in a table format.

Basically I have a list of responses values fields that I want to printout, but only if they have something in them.
I don't want to routinely display 10 extra fields that are usually with empty.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-03-2022 05:05 PM
  You can use a wildcard to display all available fields, but will have to eliminate some built-in fields first.--how to do that

I gave an example of how to do that.  Here's another one.

...
| fields - _* 
| fields success, error,  failure , total_count 
| table *
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎11-03-2022 02:33 PM

Can you be more specific about your use case, please?

Tables will display a field (column) if told to display it - even if that field is null or doesn't exist.  You can use a wildcard to display all available fields, but will have to eliminate some built-in fields first.

...
```Adjust this line to remove any other unwanted fields```
| fields - punct splunk_server* linecount
| table _time *
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

Vani_26
Path Finder
‎11-03-2022 03:52 PM

Can you be more specific about your use case, please?

i have query where i am getting the count for success, error,  failure , total_count etc , So, when i search my query for 24 hrs, Depends on the logs, sometimes i will not have data for failure, sometimes for error and so on...
So, when i make these fields as |table sucess error failure total_count  , all these fields should not get displayed, only the fields which contains data should get displayed.


Tables will display a field (column) if told to display it - even if that field is null or doesn't exist.---Yes correct


  You can use a wildcard to display all available fields, but will have to eliminate some built-in fields first.--how to do that

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-03-2022 05:05 PM
  You can use a wildcard to display all available fields, but will have to eliminate some built-in fields first.--how to do that

I gave an example of how to do that.  Here's another one.

...
| fields - _* 
| fields success, error,  failure , total_count 
| table *
---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

Vani_26
Path Finder
‎11-03-2022 06:37 PM

thank you, it worked

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...