How to list out the field in tabular format?

AL3Z · ‎05-09-2023

Hi All,

How do we list out the fields in tabular format..
Eg:

hostname action
windows allowed
deny
accept

---------------->
hostname action

windows allowed
windows deny
windows accept

in this way I need a search in tabular format

Thanks..

gcusello · ‎05-09-2023

sorry but I don't understand: do you want the first or the second?

anyway, for the first, you need something like this:

<your_search>
| stats values(action) AS action BY host

in the second you have

<your_search>
| stats count BY host action
| fields - count

if you also want the count it's a little more complicated:

<your_search>
| stats count BY host action
| eval column=action."|".count
| stats values(column) AS column BY host

Ciao.

Giuseppe

Are you a member of the Splunk Community?