Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

remove column name from |table result

Chubbybunny
Splunk Employee
Splunk Employee
‎05-18-2012 04:46 PM

I have a search that provides a table result:

host="host1" index="main" | head 1 | table index host

Is it possible to remove or ommit the column name from the result?

I've tried:

host="host1" index="main" | head 1 | rename host AS NULL, index AS NULL | table NULL NULL

any carrots for the Chubbybunny?

(\__/)
(='.'=)
(")_(")
Reply
1 Solution
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎05-30-2012 11:23 AM

Don't ask for a field if you just plan to exclude it. I've tried to do this, and, AFAIK, there isn't a way to do this successfully. You'll always end up with a header, and presuming you're trying to export these results into something else, you'll end up with trouble. Just duplicate the search and leave the field off, save yourself a headache on the other side of things.

View solution in original post

Reply
Solved! Jump to solution
Solution

jbsplunk
Splunk Employee
Splunk Employee
‎05-30-2012 11:23 AM

Don't ask for a field if you just plan to exclude it. I've tried to do this, and, AFAIK, there isn't a way to do this successfully. You'll always end up with a header, and presuming you're trying to export these results into something else, you'll end up with trouble. Just duplicate the search and leave the field off, save yourself a headache on the other side of things.

Reply
Solved! Jump to solution

lguinn2
Legend
‎05-19-2012 03:29 PM

This is a kludge, but it might work.

host="host1" index="main" | head 1 | 
fields - _raw _time |
fields + host index |
rename host AS " ", index AS "   "

When this search runs, I think that the Table view button will show you what you want. It will still have a header area, but it should be blank.

I think there are easier ways, though, if you want to put this in a dashboard....

Reply
Solved! Jump to solution

atulod1
New Member
‎05-23-2018 08:49 PM

if ever 2 data in one field and they are Domain_Name = Domestic_Dev and Domain_Name = Domestic_QA I want to remove the Domain_Name =Domestic_QA

0 Karma
Reply
Solved! Jump to solution

dshpritz
SplunkTrust
SplunkTrust
‎05-18-2012 05:56 PM

You should be able to use the fields command:

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/fields

So to omit the "carrots" field:

host="host1" index="main" | head 1 | table index host | fields - carrots

HTH

Dave

Reply
Solved! Jump to solution

lguinn2
Legend
‎05-19-2012 03:22 PM

That will omit the field AND the header. I think the bunny just wants to omit the header.

Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...