Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Reordering columns not working through API

whateverwhouare
New Member
‎07-17-2013 11:17 AM

I want to reorder my columns. I tried both table and fields, and they seemed to work through the web UI, but when I tried it through the REST API the order did not change at all.

Is there any known problem with reordering through REST API, or can anyone point out what I'm doing wrong? Below is my query.

index=na1 host=*app* logRecordTypeseclk=1 earliest=-5h tableEnumOrId=Contact OR tableEnumOrId=CollaborationGroup | where rank < 10 | stats count by rank, tableEnumOrId | table count, tableEnumOrId, rank

EDIT:

I asked this a while ago but I think the issue is somehow stats is affecting table. When I change stats count by rank, tableEnumOrId to stats count by tableEnumOrId, rank, the output order changed accordingly. But no matter how I change the ordering of the column names in table, nothing changes.

Is this a known issue? Or am I just doing something wrong?

0 Karma
Reply

nicolas_perreau
Explorer
‎03-24-2015 01:39 PM

Hi!

I'm having the same issue with REST and I do not see anyway to fix it so far.

I've just upgraded from Splunk 5.0.5 to 6.2.2 and noticed the behavior.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Splunk Observability Metrics Cost Optimization

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...