Re: Multiline table column header

yumlu · ‎05-11-2012

I have a table that has long column headers. Can i make these headers multi-line formatted?

old table headers:
Service Name Operation Name Request Count Success Count System Fault Count

my goal:
Service Operation Request Success System
Name Name Count Count Fault
Count

woodcock · ‎07-05-2015

I couldn't find any way to force Splunk to accept newlines inside field names so this is as good as I could get; tack this on to the end of your search:

... | rename "Service Name" AS "Service" "Operation Name" AS "Operation" "Request Count" AS "Request" "Success Count" AS "Success" "System Fault Count" AS "System" | append [search index=* | head 1 | stats count | eval "Service" = null() | eval "Operation" = null() | eval "Request" = null() | eval "Success" = null() | eval "System" = "Count" | fields - count] | append [search index=* | head 1 | stats count | eval "Service" = "Name" | eval "Operation" = "Name" | eval "Request" = "Count" | eval "Success" = "Count" | eval "System" = "Fault" | fields - count] | reverse

Multiline table column header

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation