Solved: How to make table in Splunk

logloganathan · ‎03-15-2018

Please provide different examples so that its very easy for us to understand.
explaining the example with eval command will be awarded.

mayurr98 · ‎03-15-2018

Generate a table
To generate a table, write a search that includes a transforming command. From the Search page, run the search and select the Statistics tab to view and format the table.

You can use the table command in a search to specify the fields that the table includes or to change table column order.

Search examples
1) Transforming search
This search uses the chart transforming command.

index = _internal | chart avg(bytes) over sourcetype

2) Transforming search with the table command
This search generates a table with action, host, and count columns.

index = _internal | stats count by action, host

To change the columns that appear in the table or to change column order, add the table command to this search. For example, add | table host count to generate a table with only the host and count columns.

index = _internal | stats count by action, host | table host count

3) Using eval

| makeresults 
  | eval field_a ="My Value A", field_b ="Other Value B" 
  | table [|makeresults |  eval search ="field_a field_b" | table search ]

Also, have a look at this table command reference doc there are many examples in this
https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Table

let me know if this helps!

View solution in original post

Taruchit · ‎04-18-2022

Hello All,

Can you please help to make following type of tables using | makeresults command: -

Column1	Column2
C1	A,B,C
C2	D,E,F,G
C3	X

Column1	Column2
C1	A
C1	B
C1	C
C2	D
C2	E
C2	F
C2	G
C3	X

Thank you

vinod743374 · ‎04-19-2022

Taruchit · ‎04-27-2022

Thank you, it worked successfully.

mayurr98 · ‎03-15-2018

Generate a table
To generate a table, write a search that includes a transforming command. From the Search page, run the search and select the Statistics tab to view and format the table.

You can use the table command in a search to specify the fields that the table includes or to change table column order.

Search examples
1) Transforming search
This search uses the chart transforming command.

index = _internal | chart avg(bytes) over sourcetype

2) Transforming search with the table command
This search generates a table with action, host, and count columns.

index = _internal | stats count by action, host

To change the columns that appear in the table or to change column order, add the table command to this search. For example, add | table host count to generate a table with only the host and count columns.

index = _internal | stats count by action, host | table host count

3) Using eval

| makeresults 
  | eval field_a ="My Value A", field_b ="Other Value B" 
  | table [|makeresults |  eval search ="field_a field_b" | table search ]

Also, have a look at this table command reference doc there are many examples in this
https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Table

let me know if this helps!

logloganathan · ‎03-15-2018

thanks for your answer

How to make table in Splunk

table

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services