Splunk Search

Put results in one row table

lgroot
Explorer

Hello,

I have a question about a query. This is the query:

index=security-mijnssp "View rendered = /error.jspx" OR "Er is een fout opgetreden op de JSF" | rex "BSN=(?P<BSN>[^<]+) View" | rex "INFO  n.s.m.w.l(?P<INFO>[^<]+)" | rex "ERROR n.s.m.w.l(?P<ERROR>[^<]+)" | table BSN, INFO, ERROR, _time

And this is how the table looks:

[Image: screenshot of the results table]

My question is: how can I put the results in one row, so that BSN, INFO, ERROR and Time are on the same line, sorted by Time?

Thanks for the answer!

0 Karma

grijhwani
Motivator

Look at the documentation for transactions, and use BSN as your transaction identifier.

0 Karma
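
One way to apply the `transaction` suggestion to the query from the question (an added example, not part of the original thread). It assumes that every event to be merged carries the BSN value extracted by the first `rex`, and that related events arrive within five minutes of each other; the `maxspan=5m` window is an assumed value to adjust for your data.

```spl
index=security-mijnssp "View rendered = /error.jspx" OR "Er is een fout opgetreden op de JSF"
| rex "BSN=(?P<BSN>[^<]+) View"
| rex "INFO  n.s.m.w.l(?P<INFO>[^<]+)"
| rex "ERROR n.s.m.w.l(?P<ERROR>[^<]+)"
| transaction BSN maxspan=5m
| table BSN, INFO, ERROR, _time
| sort _time
```

Each resulting row is one transaction per BSN, with `_time` set to the timestamp of the earliest event in the group; INFO and ERROR become multivalue fields when a group contains several distinct values.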