Adding an second identical column and field to Spl...

dxw350 · ‎06-18-2017

In order to coincide with an excel spreadsheet, I was hoping that Splunk table can provide two columns that our identical but listed with data at the beginning and the middle of the table sheet. Is there a way to have the same field name column more than once?

DalJeanis · ‎06-18-2017

Heh.

Two answers in one: No, it can't but you can make humans think it did.

The run anywhere sample code looks like this ...

 | makeresults 
 | eval george = "first one" 
 | eval frank = "second one" 
 | rename frank as " george" 
 | table _time george " george"

... with the resulting output...

 _time                george      george 
 2017-06-18 23:07:44  first one  second one

You can also just change the capitalization rather than including invisible spaces in the field name. Humans will disregard the difference.

cmerriman · ‎06-18-2017

I don't believe you can have the same field name. The closest you could do is different capitalization or adding a special character to it.

Adding an second identical column and field to Splunk table

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

Adding an second identical column and field to Splunk table

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...