Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Reordering Columns

nkitmitto
Explorer
‎02-25-2013 08:59 AM

How do I reorder the columns with this report? I want it to be:
date - product - imps - clicks - category

If I reorder the stats command, it fails and says :
Error in 'stats' command: The argument 'date' is invalid.

Here's the original query:

sourcetype=imp-log host=*.prod.fb.local site_id=xxxx earliest=-1d@d latest=-0d@d
| lookup siteproduct siteproductid as siteproduct_id siteid as site_id OUTPUTNEW productid as product productcategory as category
| eval date = imp_date
| stats count(eval(imp_action="imp")) as "imps", count(eval(imp_action="click")) as "clicks" by product, category, date

Tags (1)
Reply
1 Solution
Solved! Jump to solution

phastings
Explorer
‎01-31-2018 04:57 AM

In using the table command, the order of the fields given will be the order of the columns in the table.

For example, if I want my Error_Name to be before my Error_Count:

| table Error_Name, Error_Count

This would explicitly order the columns in the order I have listed here.

0 Karma
Reply
Solved! Jump to solution

maggarwal28
Engager
‎12-25-2019 08:57 PM

This should also apply if you are running the query using the Java SDK, right? Because for me, even after specifying the order in the table command, the order in which results are returned is different.

0 Karma
Reply
Solved! Jump to solution

nkitmitto
Explorer
‎02-25-2013 09:49 AM

Thanks! I looked at that, and didn't find what I needed. But took a second look, and it had what I needed. Thanks!

I added this to the end:
| table date, product, imps, clicks, category

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...