Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I change the header so it displays the current date?

sbbadri
Motivator
‎08-10-2017 12:58 PM

Hi,

I have a table output like below,

**OS**       Range1       Range2       Range3     Range4
AIX          10           20           30         40
HP-UX        50           60           70         80
Linux        90           100          110        120

But I want a table like below,

**2017-08-10** Range1       Range2       Range3   Range4
AIX            10           20           30       40
HP-UX          50           60           70       80
Linux          90           100          110      120

Date should be change daily.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎08-10-2017 01:14 PM

Try this

your current search giving fields OS Range 1... (gives output 1)
| eval today=strftime(now(),"%Y-%m-%d") 
| eval {today}=OS | fields - OS today

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎08-10-2017 01:14 PM

Try this

your current search giving fields OS Range 1... (gives output 1)
| eval today=strftime(now(),"%Y-%m-%d") 
| eval {today}=OS | fields - OS today
0 Karma
Reply
Solved! Jump to solution

sbbadri
Motivator
‎08-10-2017 01:36 PM

Nope it is not working. i need header label instead of os i need current date value.

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-10-2017 01:44 PM

Can you provide what you get with my answer and what you expect?

Runanywhere sample.

| gentimes start=-1 | eval OS="AIX" | table OS | eval Range1=30 | eval Range2=50

Output

OS    Range1   Range2
AIX  30  50

With my answer

| gentimes start=-1 | eval OS="AIX" | table OS | eval Range1=30 | eval Range2=50  | eval today=strftime(now(),"%Y-%m-%d") 
| eval {today}=OS | fields - today OS

Output

2017-08-10   Range1   Range2
AIX  30  50
0 Karma
Reply
Solved! Jump to solution

sbbadri
Motivator
‎08-10-2017 02:06 PM

Query:

| inputlookup SystemsUpTimeRange.csv WHERE (range="91-180 days") AND os=AIX AND os!=NA
| stats sum(count) as tcount by _time os range
| sort - _time
| head 8
| rename tcount as 91_180_days
| fields - range
| delta 91_180_days as 91_180_days_c p=7
| tail 1 | ..... more query ............ | eval today=strftime(now(),"%Y-%m-%d")
| eval {today}=os | fields - os today | table 91_180_days 91_180_days_c 180_plus_days 180_plus_days_c

Ouput:

91_180_days 91_180_days_c 180_plus_days 180_plus_days_c
25 7 77 -6
6 0
456 -20 142 -9

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎08-10-2017 02:11 PM

Your last table command is removing the field with today's date. Replace your last table command with this

| table * 91_180_days 91_180_days_c 180_plus_days 180_plus_days_c

OR 

| table 2* 91_180_days 91_180_days_c 180_plus_days 180_plus_days_c
0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...