Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to list out the field in tabular format?

AL3Z
Builder
‎05-09-2023 04:16 AM

Hi All,

How do we list out the fields in tabular format..
Eg:

hostname  action  
windows     allowed
                        deny
                        accept

---------------->  
hostname    action

windows    allowed
windows    deny
windows    accept

in this way I need a search in tabular format 

Thanks..

 

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-09-2023 04:32 AM

Hi @AL3Z,

sorry but I don't understand: do you want the first or the second?

anyway, for the first, you need something like this:

<your_search>
| stats values(action) AS action BY host

in the second you have

<your_search>
| stats count BY host action
| fields - count

if you also want the count it's a little more complicated:

<your_search>
| stats count BY host action
| eval column=action."|".count
| stats values(column) AS column BY host

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Splunk and Fraud

Join us on November 13 at 11 am PT / 2 pm ET!Join us for an insightful webinar where we delve into the ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...

Splunk and Palo Alto - Updates to Official Splunkbase Support

Exciting news!  In our ongoing mission to deliver the best customer experience, we are thrilled to announce ...