Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to append original search result with the table

cyberportnoc
Explorer
‎07-01-2017 02:44 AM

"number of scan:" | convert timeformat="%Y-%m-%d" ctime(_time) AS date | table source, date, Event

there is no event column which i think is search result

Tags (1)
0 Karma
Reply

niketn
Legend
‎07-01-2017 03:00 AM

I am not sure but if you need to show raw event data you should use _raw. Also if you just want to format time differently you should use fieldformat.

Try the following search :

<YourBaseSearch>
| fieldformat _time=strftime(_time,"%Y-%m-%d")
| table source, date, _raw

PS: if your intent is to group events together by day you should use timechart command to aggregate the data.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

cyberportnoc
Explorer
‎07-01-2017 03:08 AM

this is it, really thanks

0 Karma
Reply

niketn
Legend
‎07-01-2017 04:32 AM

@cyberportnoc, I have converted to answer. Please accept.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...