- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Why am I able to return a list of fields with ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why am I able to return a list of fields with the fields command in a search, but not with the table command?
Any ideas around this? When I use the fields command in this search:
some search | fields Activity1, Activity2...
I can see all the fields and the values on the left side, but if I change fields to the table command, then I don't see anything. All the fields appear as blank. Is there something I am missing here?
I appreciate any clues.
Thanks,
Raji.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks like I only have limited events populated with the values and rest blanks. and I was moving fast between sort asc/desc. Tried to run more specific queries with the where condition and saw some values populated. Thanks everyone for your comments and quick replies.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Iguinn
Know that fields command Keeps or removes fields from search results. while table command is a reporting command that Creates a table using only the field names specified.
When you write the search below you keep fields Activity1,Activity2.......
some search | fields Activity1, Activity2...
therefore when you write this other search ,
some search |table Activity1, Activity2...
you should have a table with column where each column represent one field , all these fields containing the values.
first proposition
If you haven't the values with table command let go to the far page to see , because certains rows couldn.t have the values.
just verify another rows of your table
second proposition
Make sure that fields that you used with table command are present in the search before pipe.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What mode are you using to run your search? Fast, verbose and smart modes behave differently with regard to field extraction. Also, what tab are you looking at? The table command is a reporting command; the fields command is not - so the two commands will present results in different tabs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
May be the fields doesn't have values for all the events.. To start with, after running the table command, click on any of the field header and it will sort the values and you might end up seeing some values.
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
