Splunk Search

How do I hide a column in a table?

New Member

Imagine a scenario where I need to have a hidden column in my table to serve a passing functionality.


  1. I create a second column (let’s call it XYZ) with the appropriate whichever text (using replace, lower, etc) to be passed into URLs with $click.XYZ$
  2. I can use now 'condition.. ' inside of 'drill down' to specify that I actually want my first column ABC to be clickable ('field=ABC') and serve the passing functionality.
  3. How do I hide now second XYZ column? - Please be specific code wise how to do it


0 Karma


Just to make sure I understand, you have a dashboard panel with a stats table. The table has columns fieldA, fieldB, fieldC, fieldD and you want to use the value in fieldC, but not display that column in the stats table. This might be for a key you don't want to display, but use as part of a drilldown.

One way to do it:

    <title>Your title here</title>
      <query> (your search here) | table fieldA fieldB fieldC fieldD </query>
    <option name="count">10</option>
    <option name="drilldown">row</option>
    <option name="rowNumbers">false</option>
      <set token="clientTok">$row.fieldC$</set>
      <set token="forms.clientTok">$row.fieldC$</set>

The query should output all the fields you want to display, plus the one you want to hide. I just used table as an example, but you likely already have them listed by stats or something similar. The fields section controls fields that you want to see in the panel. The token clientTok can then be used in other panels, such as the target panel, using the $clientTok$.


Work perfectly !

0 Karma



try this command...
| fields 'list of fields you want to be displayed'



0 Karma


besides you can try
|fields - XYZ column

0 Karma


.... | fields - 'list of fields you want to exclude'

0 Karma
Get Updates on the Splunk Community!

KVStore failure after upgrade to 9.0

After upgrading to Splunk 9.0 on a single instance, we occasionally get KV Store errors.&nbsp;<span ...

SOAR Tenable.sc scan endpoint with credentials

When scanning an endpoint in SOAR how to you get a credential scan? I can start a scan via SOAR playbook but ...

Is there an add-on for the Cisco Meraki devices?

We have many&nbsp;Cisco Meraki devices sending data via syslog to Splunk. Is there an add-on for ...