Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I add the results of some particular columns to a new column?

ashokpuvvada
New Member
‎02-20-2019 06:12 AM

I ran a query which gave results in the below manner

alt text

I just want the last two columns, that is Today and Tomorrow and remaining columns values to be added to a new column saying Yesterday.

As in, I want my result in only 3 columns as Today, Tomorrow and Yesterday.

Any ideas how to do?

Thanks

Preview file
14 KB
0 Karma
Reply

vnravikumar
Champion
‎02-20-2019 08:02 AM

Hi @ashokpuvvada

Try this

| makeresults 
| eval friday=20, monday=20,saturday=10, sunday=20,today=10,tomorrow=30,yesterday=0 
| foreach friday,monday,saturday,sunday 
    [ eval yesterday = yesterday+<<FIELD>>]| table yesterday,today,tomorrow
0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...