Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to make table in Splunk

logloganathan
Motivator
‎03-15-2018 03:11 AM

Please provide different examples so that its very easy for us to understand.
explaining the example with eval command will be awarded.

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mayurr98
Super Champion
‎03-15-2018 03:44 AM

Generate a table
To generate a table, write a search that includes a transforming command. From the Search page, run the search and select the Statistics tab to view and format the table.

You can use the table command in a search to specify the fields that the table includes or to change table column order.

Search examples
1) Transforming search
This search uses the chart transforming command.

index = _internal | chart avg(bytes) over sourcetype

2) Transforming search with the table command
This search generates a table with action, host, and count columns.

index = _internal | stats count by action, host

To change the columns that appear in the table or to change column order, add the table command to this search. For example, add | table host count to generate a table with only the host and count columns.

index = _internal | stats count by action, host | table host count

3) Using eval

| makeresults 
  | eval field_a ="My Value A", field_b ="Other Value B" 
  | table [|makeresults |  eval search ="field_a field_b" | table search ]

Also, have a look at this table command reference doc there are many examples in this
https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Table

let me know if this helps!

View solution in original post

Reply
Solved! Jump to solution

Taruchit
Contributor
‎04-18-2022 03:32 AM

Hello All, 

Can you please help to make following type of tables using | makeresults command: -

Column1Column2
C1A,B,C
C2D,E,F,G
C3X

 

Column1Column2
C1A
C1B
C1C
C2D
C2E
C2F
C2G
C3X

 

Thank you

0 Karma
Reply
Solved! Jump to solution

vinod743374
Communicator
‎04-19-2022 05:09 AM

| makeresults | eval column1= "c1",column2="A,B,C"
|append[| makeresults | eval column1= "c2",column2="D,E,F,G"]
|append[| makeresults | eval column1= "c3",column2="X"]
| fields - _time


You can try like this.

Reply
Solved! Jump to solution

Taruchit
Contributor
‎04-27-2022 08:57 AM

Thank you, it worked successfully. 

0 Karma
Reply
Solved! Jump to solution
Solution

mayurr98
Super Champion
‎03-15-2018 03:44 AM

Generate a table
To generate a table, write a search that includes a transforming command. From the Search page, run the search and select the Statistics tab to view and format the table.

You can use the table command in a search to specify the fields that the table includes or to change table column order.

Search examples
1) Transforming search
This search uses the chart transforming command.

index = _internal | chart avg(bytes) over sourcetype

2) Transforming search with the table command
This search generates a table with action, host, and count columns.

index = _internal | stats count by action, host

To change the columns that appear in the table or to change column order, add the table command to this search. For example, add | table host count to generate a table with only the host and count columns.

index = _internal | stats count by action, host | table host count

3) Using eval

| makeresults 
  | eval field_a ="My Value A", field_b ="Other Value B" 
  | table [|makeresults |  eval search ="field_a field_b" | table search ]

Also, have a look at this table command reference doc there are many examples in this
https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Table

let me know if this helps!

Reply
Solved! Jump to solution

logloganathan
Motivator
‎03-15-2018 04:21 AM

thanks for your answer

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...