Solved: How to create a table based on field extraction

shrirangphadke · ‎06-23-2015

Hi,

I have few field extraction created in my Splunk App. For Ex:

firewall_dst
firewall_username
firewall_operation

Now I want to create a table with these fields as columns. For Ex:

Time            firewall_dst    firewall_username   firewall_operation
2015-06-23  log.local         User1                         Save configuration
2015-06-23  log.local         User2                         Del configuration

What is the way to achieve this?
I tried with

| table firewall_dst firewall_username

and with field

| field firewall_dst firewall_username

with no luck.

Please help.

dolivasoh · ‎06-23-2015

Are you intentionally trying to call the same field twice?

|table firewall_dst firewall_username firewall_operation

^ should produce the results you're looking to achieve

View solution in original post

dolivasoh · ‎06-23-2015

Are you intentionally trying to call the same field twice?

|table firewall_dst firewall_username firewall_operation

^ should produce the results you're looking to achieve

shrirangphadke · ‎06-23-2015

Can you pls add this as an answer so that I can mark it

shrirangphadke · ‎06-23-2015

Hey thanks! It worked, It seems I was doing some silly mistake

How to create a table based on field extraction

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation