Splunk Search

How to create mutiple columns for a single field

Path Finder

I have to make dashboard like different age limits as column heading

product    (age)20-25    (age)30 -35
product1          200        300
product2          500        600

How to do this in splunk ?

Tags (1)
0 Karma

Path Finder

Alternatively, if you don't need highly customized date ranges, you can use the bucket command before charting.

... | bucket age span=5 | stats count by product,age

Path Finder

See if the fieldformat command can help you: http://splunk-base.splunk.com/answers/35124/format-result-set-numbers

0 Karma


There is no Actual field name VJ8210 there are dynamic field name is coming so we are not able to do that.

Can you tell me how to add $ to dynamic field name.

0 Karma


Hi, for adding $ you use eval again:
eval age="$"+age

Replace age with your actual field names

Path Finder

Thank you, got it now i want to include a $ sign for the values below (age)20-25

product (age)20-25 (age)30 -35
product1 $200 $300
product2 $500 $600

How to do this as this table will be dynamic

0 Karma

| eval age_dist=floor(age/5)

This will give you a field named age_dist with distinct values for every 5 values of age

| eval age_range=case(age_dist==0,"(age)0-4",age_dist==1,"(age)5-9",...,age_dist==n,"(age)n*5-n*5+4")

This will give you the age groupings you are looking for

| stats count by product age_range

This will give you the table you are looking for

Your final search should look like:

... | eval age_dist=floor(age/5) | eval age_range=case(age_dist==0,"(age)0-4",age_dist==1,"(age)5-9",...,age_dist==n,"(age)n*5-n*5+4") | stats count by product age_range

Hope this helps

Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...