Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Reordering Columns

nkitmitto
Explorer
‎02-25-2013 08:59 AM

How do I reorder the columns with this report? I want it to be:
date - product - imps - clicks - category

If I reorder the stats command, it fails and says :
Error in 'stats' command: The argument 'date' is invalid.

Here's the original query:

sourcetype=imp-log host=*.prod.fb.local site_id=xxxx earliest=-1d@d latest=-0d@d
| lookup siteproduct siteproductid as siteproduct_id siteid as site_id OUTPUTNEW productid as product productcategory as category
| eval date = imp_date
| stats count(eval(imp_action="imp")) as "imps", count(eval(imp_action="click")) as "clicks" by product, category, date

Tags (1)
Reply
1 Solution
Solved! Jump to solution

phastings
Explorer
‎01-31-2018 04:57 AM

In using the table command, the order of the fields given will be the order of the columns in the table.

For example, if I want my Error_Name to be before my Error_Count:

| table Error_Name, Error_Count

This would explicitly order the columns in the order I have listed here.

0 Karma
Reply
Solved! Jump to solution

maggarwal28
Engager
‎12-25-2019 08:57 PM

This should also apply if you are running the query using the Java SDK, right? Because for me, even after specifying the order in the table command, the order in which results are returned is different.

0 Karma
Reply
Solved! Jump to solution

nkitmitto
Explorer
‎02-25-2013 09:49 AM

Thanks! I looked at that, and didn't find what I needed. But took a second look, and it had what I needed. Thanks!

I added this to the end:
| table date, product, imps, clicks, category

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...