Solved: How to create a table based on field extraction

shrirangphadke · ‎06-23-2015

Hi,

I have few field extraction created in my Splunk App. For Ex:

firewall_dst
firewall_username
firewall_operation

Now I want to create a table with these fields as columns. For Ex:

Time            firewall_dst    firewall_username   firewall_operation
2015-06-23  log.local         User1                         Save configuration
2015-06-23  log.local         User2                         Del configuration

What is the way to achieve this?
I tried with

| table firewall_dst firewall_username

and with field

| field firewall_dst firewall_username

with no luck.

Please help.

dolivasoh · ‎06-23-2015

Are you intentionally trying to call the same field twice?

|table firewall_dst firewall_username firewall_operation

^ should produce the results you're looking to achieve

View solution in original post

dolivasoh · ‎06-23-2015

Are you intentionally trying to call the same field twice?

|table firewall_dst firewall_username firewall_operation

^ should produce the results you're looking to achieve

shrirangphadke · ‎06-23-2015

Can you pls add this as an answer so that I can mark it

shrirangphadke · ‎06-23-2015

Hey thanks! It worked, It seems I was doing some silly mistake

How to create a table based on field extraction

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!