Customizing statistics and visualization for the user given filter

New Member

Hi,

I have 4 event fields in a single line. Now I need to filter the top 200 events for a particular event field, which I can do by using " | top=200 ". My main problem is that the statistics and visualization show only the event and their count; I would like to have all the remaining 3 event fields which come with the data.

In the table I would like to use the filter. Is it possible? Like ordering?

Thanks in advance.

0 Karma

New Member

@somesoni2

host=PDT DataTag=HistoryData "ScannedNetwork: .Channel"=44| top limit=200 "ScannedNetwork: .SSID"

In statistics and visualization it is providing only SSID, count, percentage. I don't want percentage; instead of that I want other event fields. I also would like to know how to customize the visualization graph, for example instead of count I would like to have an event field.

0 Karma

SplunkTrust

Try something like this

<your base search> [search <your base search> | top limit=200 fieldX | table fieldX] |...remaining search

The subsearch will eliminate other values of fieldX which are not part of top 200.

0 Karma

New Member

Hi,

host=PDT DataTag=HistoryData [ search host=PDT DataTag=HistoryData | top limit=200 ScannedNetwork: .SSID | table ScannedNetwork: .SSID]

It returns no result. I am sure there is data at all times.
My doubt is: when I use the top command it will table only one field in statistics and visualization. How do I add other fields in statistics?

0 Karma

SplunkTrust

Can you provide your current search (before applying the top command)?

0 Karma
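One way to get a Statistics table that carries the other fields alongside the count, as an added example that is not part of the original thread. It swaps `top` for `stats`. The base search and the quoted field name are taken from the posts above; `fieldY` and `fieldZ` are placeholders for the other event fields, which the thread does not name, and `ssid` and `events` are names chosen here.

```spl
host=PDT DataTag=HistoryData "ScannedNetwork: .Channel"=44
| rename "ScannedNetwork: .SSID" AS ssid
| stats count AS events, values(fieldY) AS fieldY, values(fieldZ) AS fieldZ BY ssid
| sort 200 -events
```

The result has one row per SSID with no percentage column, and `sort 200 -events` keeps the 200 most frequent values in descending order.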