Displaying data in table

goyals05 · ‎03-28-2018

Hello,

How to display these logs in table format.

Raw data
Source 1:
2018-03-25 00:30:00 Backup Process Started
2018-03-25 11:44:03 Backup process Finished
2018-03-25 11:50:00 backup_size=5.2T

Source 2:
2018-03-21 00:30:00 Backup Process Started
2018-03-21 11:45:22 Backup process Finished
2018-03-21 11:50:00 backup_size=5.5T

Output:
    Start                  Finish                      size
    2018-03-21 00:30:00   2018-03-21 11:45:22          5.2T
    2018-03-25 00:30:00   2018-03-25 11:44:03          5.5T

Thankyou

kmaron · ‎03-28-2018

Depending on how your data is broken out you'll probably need some regex to break out your individual fields but once that is done you can accomplish the table with something like this

| eval StartTime = case(field_name="Backup Process Started", time_field_name)
| eval FinishTime = case(field_name="Backup Process Finished", time_field_name)
| eval BackupSize = case(field_name="backup_size", size_field_name)
| transaction Date_Field maxspan=24h
| table StartTime FinishTime BackupSize

I put all of your data into fields that correspond to the columns in your table then I used transaction to group them by date.

Displaying data in table

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation

Displaying data in table

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+