Solved: How to create a table?

ko1 · ‎06-01-2023

Can we aggregate the data in the specified column?

example SPL A)
index=pan_logs | stats count by signature,src,dest

example SPL A Result)

Want to creat table)

We want to aggregate by signature_name without changing src<->dest combination.

gcusello · ‎06-01-2023

it's not possible to display results in the format you want, Splunk isn't Excel!

but you can do something like this:

index=pan_logs  
| eval col="src=".src." dest=".dest
| stats values(col) AS "src dest" count BY signature

Ciao.

Giuseppe

ITWhisperer · ‎06-01-2023

| stats list(src) as src list(dest) as dest sum(count) as count by signature_name

gcusello · ‎06-01-2023

it's not possible to display results in the format you want, Splunk isn't Excel!

but you can do something like this:

index=pan_logs  
| eval col="src=".src." dest=".dest
| stats values(col) AS "src dest" count BY signature

Ciao.

Giuseppe

ko1 · ‎06-01-2023

Hi, @gcusello .
I will use this.
Thanks a lot!

gcusello · ‎06-01-2023

Hi @ko1 ,

if one answer solves your need, please accept this one for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors;-)

How to create a table?