Splunk Search

how to sub headding in table column in dashboard


Column1 | Day1 | Day 2 |
--------- | Shift1 | Shift2 | Shift1 | Shift2 |
ABCD | X | N | Y | X |
XYZA | X | N | Y | N |
BCDE | X | N | Y | N |

Tags (2)
0 Karma


@Rajkumarkbm2 for the table columns to be sorted the way you want you would need to have both Day and Shift together. Table will not have two headers so you might have to have two separate tables (one with only header column and second with the details). For keeping the sort of column you might need to have JavaScript code as well. Could you share the query you have right now?

Following is the easiest way have both field names merged as one with spaces between the two field names. Please try the following run any where search based on Splunk's _internal index which plots the count of components by key field combining date_mday and log_level field (with values ERROR and WARN)

index=_internal sourcetype=splunkd log_level!=INFO  earliest=-7d@d latest=now
| eval key=date_mday."     :".log_level
| chart count by component key useother=f limit=15
| head 5
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!