Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I add the results of some particular columns to a new column?

ashokpuvvada
New Member
‎02-20-2019 06:12 AM

I ran a query which gave results in the below manner

alt text

I just want the last two columns, that is Today and Tomorrow and remaining columns values to be added to a new column saying Yesterday.

As in, I want my result in only 3 columns as Today, Tomorrow and Yesterday.

Any ideas how to do?

Thanks

Preview file
1 KB
0 Karma
Reply

vnravikumar
Champion
‎02-20-2019 08:02 AM

Hi @ashokpuvvada

Try this

| makeresults 
| eval friday=20, monday=20,saturday=10, sunday=20,today=10,tomorrow=30,yesterday=0 
| foreach friday,monday,saturday,sunday 
    [ eval yesterday = yesterday+<<FIELD>>]| table yesterday,today,tomorrow
0 Karma
Reply
Get Updates on the Splunk Community!

.conf23 Registration is Now Open!

Time to toss the .conf-etti &#x1f389; —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...