Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Adding a blank row to the output

arunkuriakose0
Engager
‎02-21-2021 09:07 PM

Hi Team

 

How can we add a blank row to the output. I have a search followed by some outputs in table format. I want to add a blank row in start or any where in the column .

index=*  Event Code=4624 Logotype=8  earliest=-d@d latest=@d | top user | appendpipe [|head 1 | for each * [eval new=""]] 

 

Tried something like this which gave me a new row with name new. I just want to add a blank row in search results. Can some one help?

Thanks in advance

 

Labels (1)
Labels
0 Karma
Reply

tscroggins
Influencer
‎02-21-2021 09:44 PM

@arunkuriakose0 

appendpipe [ | makeresults ]

will add a row/event with only a _time value.

Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...