Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Reordering Columns

nkitmitto
Explorer
‎02-25-2013 08:59 AM

How do I reorder the columns with this report? I want it to be:
date - product - imps - clicks - category

If I reorder the stats command, it fails and says :
Error in 'stats' command: The argument 'date' is invalid.

Here's the original query:

sourcetype=imp-log host=*.prod.fb.local site_id=xxxx earliest=-1d@d latest=-0d@d
| lookup siteproduct siteproductid as siteproduct_id siteid as site_id OUTPUTNEW productid as product productcategory as category
| eval date = imp_date
| stats count(eval(imp_action="imp")) as "imps", count(eval(imp_action="click")) as "clicks" by product, category, date

Tags (1)
Reply
1 Solution
Solved! Jump to solution

phastings
Explorer
‎01-31-2018 04:57 AM

In using the table command, the order of the fields given will be the order of the columns in the table.

For example, if I want my Error_Name to be before my Error_Count:

| table Error_Name, Error_Count

This would explicitly order the columns in the order I have listed here.

0 Karma
Reply
Solved! Jump to solution

maggarwal28
Engager
‎12-25-2019 08:57 PM

This should also apply if you are running the query using the Java SDK, right? Because for me, even after specifying the order in the table command, the order in which results are returned is different.

0 Karma
Reply
Solved! Jump to solution

nkitmitto
Explorer
‎02-25-2013 09:49 AM

Thanks! I looked at that, and didn't find what I needed. But took a second look, and it had what I needed. Thanks!

I added this to the end:
| table date, product, imps, clicks, category

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...