Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Reordering Columns

nkitmitto
Explorer
‎02-25-2013 08:59 AM

How do I reorder the columns with this report? I want it to be:
date - product - imps - clicks - category

If I reorder the stats command, it fails and says :
Error in 'stats' command: The argument 'date' is invalid.

Here's the original query:

sourcetype=imp-log host=*.prod.fb.local site_id=xxxx earliest=-1d@d latest=-0d@d
| lookup siteproduct siteproductid as siteproduct_id siteid as site_id OUTPUTNEW productid as product productcategory as category
| eval date = imp_date
| stats count(eval(imp_action="imp")) as "imps", count(eval(imp_action="click")) as "clicks" by product, category, date

Tags (1)
Reply
1 Solution
Solved! Jump to solution

phastings
Explorer
‎01-31-2018 04:57 AM

In using the table command, the order of the fields given will be the order of the columns in the table.

For example, if I want my Error_Name to be before my Error_Count:

| table Error_Name, Error_Count

This would explicitly order the columns in the order I have listed here.

0 Karma
Reply
Solved! Jump to solution

maggarwal28
Engager
‎12-25-2019 08:57 PM

This should also apply if you are running the query using the Java SDK, right? Because for me, even after specifying the order in the table command, the order in which results are returned is different.

0 Karma
Reply
Solved! Jump to solution

nkitmitto
Explorer
‎02-25-2013 09:49 AM

Thanks! I looked at that, and didn't find what I needed. But took a second look, and it had what I needed. Thanks!

I added this to the end:
| table date, product, imps, clicks, category

Reply
Get Updates on the Splunk Community!

See Splunk Platform & Observability Innovations at Cisco Live EMEA

Hi Splunkers, Learn about what’s next for Splunk Platform at Cisco Live EMEA.  Data silos are a big challenge ...

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...