Splunk Search

How to create a table based on field extraction

shrirangphadke
Path Finder

Hi,

I have few field extraction created in my Splunk App. For Ex:

firewall_dst
firewall_username
firewall_operation

Now I want to create a table with these fields as columns. For Ex:

Time            firewall_dst    firewall_username   firewall_operation
2015-06-23  log.local         User1                         Save configuration
2015-06-23  log.local         User2                         Del configuration

What is the way to achieve this?
I tried with

| table firewall_dst firewall_username

and with field

| field firewall_dst firewall_username

with no luck.

Please help.

Tags (2)
0 Karma
1 Solution

dolivasoh
Contributor

Are you intentionally trying to call the same field twice?

|table firewall_dst firewall_username firewall_operation

^ should produce the results you're looking to achieve

View solution in original post

dolivasoh
Contributor

Are you intentionally trying to call the same field twice?

|table firewall_dst firewall_username firewall_operation

^ should produce the results you're looking to achieve

shrirangphadke
Path Finder

Can you pls add this as an answer so that I can mark it

shrirangphadke
Path Finder

Hey thanks! It worked, It seems I was doing some silly mistake

0 Karma
Get Updates on the Splunk Community!

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...