Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I able to return a list of fields with the fields command in a search, but not with the table command?

bheemireddi
Communicator
‎03-20-2015 01:15 PM

Any ideas around this? When I use the fields command in this search:

some search | fields Activity1, Activity2...

I can see all the fields and the values on the left side, but if I change fields to the table command, then I don't see anything. All the fields appear as blank. Is there something I am missing here?

I appreciate any clues.

Thanks,
Raji.

Tags (2)
0 Karma
Reply

bheemireddi
Communicator
‎03-23-2015 08:45 AM

Looks like I only have limited events populated with the values and rest blanks. and I was moving fast between sort asc/desc. Tried to run more specific queries with the where condition and saw some values populated. Thanks everyone for your comments and quick replies.

0 Karma
Reply

chimell
Motivator
‎03-23-2015 03:15 AM

Hi Iguinn
Know that fields command Keeps or removes fields from search results. while table command is a reporting command that Creates a table using only the field names specified.
When you write the search below you keep fields Activity1,Activity2....... 

 some search | fields Activity1, Activity2...

therefore when you write this other search , 

 some search |table  Activity1, Activity2...

you should have a table with column where each column represent one field , all these fields containing the values.

first proposition
If you haven't the values with table command let go to the far page to see , because certains rows couldn.t have the values.
just verify another rows of your table

second proposition
Make sure that fields that you used with table command are present in the search before pipe.

0 Karma
Reply

lguinn2
Legend
‎03-22-2015 03:34 PM

What mode are you using to run your search? Fast, verbose and smart modes behave differently with regard to field extraction. Also, what tab are you looking at? The table command is a reporting command; the fields command is not - so the two commands will present results in different tabs.

0 Karma
Reply

pradeepkumarg
Influencer
‎03-20-2015 01:57 PM

May be the fields doesn't have values for all the events.. To start with, after running the table command, click on any of the field header and it will sort the values and you might end up seeing some values.

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...