Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How can I visualize "table _raw" in the same format as the search result for the raw events in default Splunk search screen ?

Upas02
Path Finder
‎08-20-2018 12:05 PM

When I search for my events by giving index=myindex, I get my data in the proper format.
But when i try to print it out in a table, by using "index=myindex | table _raw" the formatting changes and I get the data in a different format.
How can get output of "table _raw" in the same way as events display in default search page.
Can it be done at query level or HTML or CSS level ?

Thanks in advance for your help.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

CarsonZa
Contributor
‎08-20-2018 12:47 PM

you cant

"The table command is similar to the fields command in that it lets you specify the fields you want to keep in your results. Use table command when you want to retain data in tabular format."

http://docs.splunk.com/Documentation/Splunk/7.1.2/SearchReference/Table

the list display shows events collapsed, you might be missing key information. I don't see a good reason to print this display

View solution in original post

0 Karma
Reply
Solved! Jump to solution

marycordova
SplunkTrust
SplunkTrust
‎08-20-2018 12:53 PM

can you post a screenshot of what you are trying to achieve as well as a sample log?

@marycordova
0 Karma
Reply
Solved! Jump to solution
Solution

CarsonZa
Contributor
‎08-20-2018 12:47 PM

you cant

"The table command is similar to the fields command in that it lets you specify the fields you want to keep in your results. Use table command when you want to retain data in tabular format."

http://docs.splunk.com/Documentation/Splunk/7.1.2/SearchReference/Table

the list display shows events collapsed, you might be missing key information. I don't see a good reason to print this display

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...