Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to format output of a query
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to format output of a query
sudeep5689
Explorer
05-29-2020
03:17 AM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
493669
Super Champion
05-29-2020
04:00 AM
Try below to capital first letter of month
... | eval date_month = upper(substr(date_month,1,1)).substr(date_month,2)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sudeep5689
Explorer
05-29-2020
04:09 AM
Ok 1 more issue that o/p shows April first and then March, is there a way to show March first and then April. This o/p is coming from two queries appended together. My objective is to show a month wise comparison starting from March to April etc. and so on
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
493669
Super Champion
05-30-2020
02:48 AM
you may try-
|sort 0 - date_month
OR
|sort 0 - _time
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
493669
Super Champion
05-29-2020
03:27 AM
@sudeep5689 since date_month field is coming in your data it should have your expected month value
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sudeep5689
Explorer
05-29-2020
03:36 AM
Yes thats worked but its showing the month name as march, april. Can we format it to show as April and March. Please add your solution as the answer
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
493669
Super Champion
05-29-2020
03:41 AM
date_month field should not show comma separeted values it will either show march or april but not both as comma separeted . can you share any screen shot what you are getting in date_month field.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sudeep5689
Explorer
05-29-2020
03:47 AM
Its coming fine . Just its like there are two rows coming as april and march. I want to show them like April March, first letter in caps
Get Updates on the Splunk Community!
Credit Card Data Protection & PCI Compliance with Splunk Edge Processor
Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...
Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!
What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...
Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
