Solved: How do I delete header with transpose?

jip31 · ‎03-18-2022

hello

I use a transpose command in order to have _time field displayed in column instead row

First question :

how to delete the header?

second question :

I was doing a color formatting like this

<format type="color" field="Qualité">
<colorPalette type="list">[#53A051,#F1813F,#DC4E41]</colorPalette>
<scale type="threshold">2,10</scale>
</format>

Since use transpose, the formatting doesnt works

what I have to do please?

ITWhisperer · ‎03-18-2022

Use header_field

transpose - Splunk Documentation

Remove field="Qualité" so that the formatting applies to all fields

View solution in original post

ITWhisperer · ‎03-18-2022

Use header_field

transpose - Splunk Documentation

Remove field="Qualité" so that the formatting applies to all fields

jip31 · ‎03-18-2022

I done header_field= Menu but I have always row1, row2....

yuanliu · ‎03-19-2022

@jip31 wrote:
I done header_field= Menu but I have always row1, row2....

This only means that "Menu" is not a column name in your original table. You need to look at column "column", and decide which row should be used as header_field. (Very probably it is the first row .)

Look at the table from this sample search:

index=_internal
| chart count over log_level by sourcetype

Try the following three commands:

| transpose
| transpose header_field=log_level
| transpose header_field=log_level column_name=sourcetype

You'll see how these options interact with the original table.

ITWhisperer · ‎03-18-2022

What is your full search?

How do I delete header with transpose?

other

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?