Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a table?

Imhim
Explorer
‎08-17-2023 02:02 AM

Hi, 

I need help with creating a table in Splunk that displays all the components below: 

 

 

 

 


I too need to create another table that gives an overview of the Host. The components are: 

 

 

 

 


I have been looking at this for a while, however the task is difficult, so I am hoping I can find the help I need here. 


Thank you.  
 
Labels (3)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-17-2023 02:34 AM

Hi @Imhim,

did you already ingested logs using the Splunk_TA_Windows (on Windows machines) or the Splunk_TA_nix (on Linux machines)?

If yes, you have only to identify the fields to use and they depends on the operative system.

If not, install the Add-ons, enabling the inputs you need, then I can help you in search definition.

Ciao.

Giuseppe

Reply

Imhim
Explorer
‎08-17-2023 03:07 AM

Hi @gcusello

Thank you for the fast reply. 

Yes, both are already installed and have ingested logs. 🙂 

Br, 

Imhim

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎08-17-2023 04:11 AM

When field names have non-alphanumerics in they need to referred to in single quotes e.g. 

| table VirtualMachine 'vCPU (Allocated)' 'RAM (Allocated)'
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...