Solved: How do I delete header with transpose?

jip31 · ‎03-18-2022

hello

I use a transpose command in order to have _time field displayed in column instead row

First question :

how to delete the header?

second question :

I was doing a color formatting like this

<format type="color" field="Qualité">
<colorPalette type="list">[#53A051,#F1813F,#DC4E41]</colorPalette>
<scale type="threshold">2,10</scale>
</format>

Since use transpose, the formatting doesnt works

what I have to do please?

ITWhisperer · ‎03-18-2022

Use header_field

transpose - Splunk Documentation

Remove field="Qualité" so that the formatting applies to all fields

View solution in original post

ITWhisperer · ‎03-18-2022

Use header_field

transpose - Splunk Documentation

Remove field="Qualité" so that the formatting applies to all fields

jip31 · ‎03-18-2022

I done header_field= Menu but I have always row1, row2....

yuanliu · ‎03-19-2022

@jip31 wrote:
I done header_field= Menu but I have always row1, row2....

This only means that "Menu" is not a column name in your original table. You need to look at column "column", and decide which row should be used as header_field. (Very probably it is the first row .)

Look at the table from this sample search:

index=_internal
| chart count over log_level by sourcetype

Try the following three commands:

| transpose
| transpose header_field=log_level
| transpose header_field=log_level column_name=sourcetype

You'll see how these options interact with the original table.

ITWhisperer · ‎03-18-2022

What is your full search?

How do I delete header with transpose?

other

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!