Splunk Search

How to create a table based on field extraction

shrirangphadke
Path Finder

Hi,

I have few field extraction created in my Splunk App. For Ex:

firewall_dst
firewall_username
firewall_operation

Now I want to create a table with these fields as columns. For Ex:

Time            firewall_dst    firewall_username   firewall_operation
2015-06-23  log.local         User1                         Save configuration
2015-06-23  log.local         User2                         Del configuration

What is the way to achieve this?
I tried with

| table firewall_dst firewall_username

and with field

| field firewall_dst firewall_username

with no luck.

Please help.

Tags (2)
0 Karma
1 Solution

dolivasoh
Contributor

Are you intentionally trying to call the same field twice?

|table firewall_dst firewall_username firewall_operation

^ should produce the results you're looking to achieve

View solution in original post

dolivasoh
Contributor

Are you intentionally trying to call the same field twice?

|table firewall_dst firewall_username firewall_operation

^ should produce the results you're looking to achieve

shrirangphadke
Path Finder

Can you pls add this as an answer so that I can mark it

shrirangphadke
Path Finder

Hey thanks! It worked, It seems I was doing some silly mistake

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...