Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to Move the table values to the top with query?

vinod743374
Communicator
‎05-10-2022 06:03 AM

Hii,

I have a data in the Splunk table like the below image.

    Arista     ConsoleRule          Host                    UnknownRule

Passed Failed GDTVFVDFVS-BDHF Passed
Passed Failed FSSGVDF-BDHF Passed
Failed   DGUYSFDF-BDHF Passed
Passed Failed    
Failed Failed DGUYSFDF-BDHF  
Failed Failed DGUYSFDF-BDHF  


Needed like below image 

AristaConsoleRuleHostUnknownRule

Passed Failed GDTVFVDFVS-BDHF Passed
Passed Failed FSSGVDF-BDHF Passed
Failed Failed DGUYSFDF-BDHF Passed
Passed Failed FSSGVDF-BDHF  
Failed Failed DGUYSFDF-BDHF  
Failed      

 


Can anyone Please Help us,
Is there any possible way to achive this.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-10-2022 06:16 AM

Hi @vinod743374,

could you share your search and a sample of your data?

Ciao.

Giuseppe

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-10-2022 06:16 AM

What search have you used to create your table in the first place?

What criteria are you using to "move" the values up the table?

Your second table doesn't include the same values as the first table so it is a little difficult to determine what it is you are trying to do.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...