Solved: Add a row to end of table

simonattardGO · ‎02-27-2012

Hi,

I am running a scheduled search to output some logs to a file. Now I would like to add an extra line to the end of each file, so that it acts as a footer for the file. I.e. I want to add the words " END OF FILE" to the end of each file.

Which is the best way to do this?

Thanks a lot!

_d_ · ‎02-27-2012

Assuming your search looks like this:

<my search here> | stats count by param1, param2, param3

Here is a quick way to do it:

<my search here> | stats count by param1, param2, param3 | append [|stats count |eval count="END OF FILE"]

Hope this helps.

> please upvote and accept answer if you find it useful - thanks!

View solution in original post

_d_ · ‎02-27-2012

Assuming your search looks like this:

<my search here> | stats count by param1, param2, param3

Here is a quick way to do it:

<my search here> | stats count by param1, param2, param3 | append [|stats count |eval count="END OF FILE"]

Hope this helps.

> please upvote and accept answer if you find it useful - thanks!

Add a row to end of table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation