Values of a field inside table

rishiehari · ‎12-11-2012

Current Sample Event :
Dec 4 02:11:19: Span id: 26, status: No Signal ( e1, slot 5 #3 )

Current Sample Query :
.. | rex field=_raw "status: (?[^(]+)" | rex field=_raw "e1, (?[^#]+) #(?[^)]+)" | table circuit,slot,status

Current Sample Output :
circuit slot status
1 0 slot 2 Remote Loss of Sync
2 0 slot 3 No Signal
3 1 slot 3 OK
4 2 slot 1 Remote Loss of Sync

Expected Output :

Slot->    1    2    3    4    5
Circuit
|
1         Loss OK   NO  Loss  OK       
2         No  Loss  OK   NO  Loss
3         OK   NO  Loss  OK   NO
4         Loss OK   NO   Loss  NO

I'm looking at arriving at a similar table so that I can use *.js to put up colors in the table so that a person can identify for the circuits failed in the slot in a single stroke

Thanks

rishiehari · ‎12-11-2012

Im sorry. This question was a repetition. The answer is I must be using CHART instead of table.

.. | chart values(status) by circuit,slot

is the solution. Thanks everyone.

Values of a field inside table

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!