Solved: Add a row to end of table

simonattardGO · ‎02-27-2012

Hi,

I am running a scheduled search to output some logs to a file. Now I would like to add an extra line to the end of each file, so that it acts as a footer for the file. I.e. I want to add the words " END OF FILE" to the end of each file.

Which is the best way to do this?

Thanks a lot!

_d_ · ‎02-27-2012

Assuming your search looks like this:

<my search here> | stats count by param1, param2, param3

Here is a quick way to do it:

<my search here> | stats count by param1, param2, param3 | append [|stats count |eval count="END OF FILE"]

Hope this helps.

> please upvote and accept answer if you find it useful - thanks!

View solution in original post

_d_ · ‎02-27-2012

Assuming your search looks like this:

<my search here> | stats count by param1, param2, param3

Here is a quick way to do it:

<my search here> | stats count by param1, param2, param3 | append [|stats count |eval count="END OF FILE"]

Hope this helps.

> please upvote and accept answer if you find it useful - thanks!

Add a row to end of table

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Accelerating Observability as Code with the Splunk AI Assistant

Join the Conversation

Add a row to end of table

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Accelerating Observability as Code with the Splunk AI Assistant