Solved: Add a row to end of table

simonattardGO · ‎02-27-2012

Hi,

I am running a scheduled search to output some logs to a file. Now I would like to add an extra line to the end of each file, so that it acts as a footer for the file. I.e. I want to add the words " END OF FILE" to the end of each file.

Which is the best way to do this?

Thanks a lot!

_d_ · ‎02-27-2012

Assuming your search looks like this:

<my search here> | stats count by param1, param2, param3

Here is a quick way to do it:

<my search here> | stats count by param1, param2, param3 | append [|stats count |eval count="END OF FILE"]

Hope this helps.

> please upvote and accept answer if you find it useful - thanks!

View solution in original post

_d_ · ‎02-27-2012

Assuming your search looks like this:

<my search here> | stats count by param1, param2, param3

Here is a quick way to do it:

<my search here> | stats count by param1, param2, param3 | append [|stats count |eval count="END OF FILE"]

Hope this helps.

> please upvote and accept answer if you find it useful - thanks!

Add a row to end of table

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!