Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

remove specific columns from a table using a search command

harshal_chakran
Builder
‎03-11-2014 12:27 AM

Hi,

I have written a search query in Advanced XML dashboard, which displays the table as follows,

parameter value_one value_two value_three value_four
param1 1 2 3 4
param2 5 6 7 8
param3 9 10 11 12
param4 13 14 15 16

I want to show only some specific columns based on situations such as,

for situation 1:parameter value_three

for situation 2:parameter value_one

for situation 3:parameter ,value_three ,value_four,value_two

I know that putting " table parameter value_(any required value)" solves the problem. But is it possible to hide/remove columns using there column headers name OR is it possible to remove the first three or last three columns from the table using the search query itself.

Kindly help...!!!

0 Karma
Reply

the_wolverine
Champion
‎03-17-2014 08:15 PM

I'm not sure why this question is so difficult. A column = field. So just state the columns that you want and/or state the columns that you do NOT want in your query:

situation 1: your search | fields + value_three
situation 2: your search | fields + value_one
situation 3: your search | fields + value_three, value_four, value_two
OR, your search | fields - value_one

0 Karma
Reply

somesoni2
Revered Legend
‎03-11-2014 09:22 AM

How do you define the situations? Is is a condition based on search result or a user input based on drop down or something?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-11-2014 06:25 AM

Isn't calling table or fields exactly what you describe as the first solution, hide/remove columns using their column header names?

0 Karma
Reply
Get Updates on the Splunk Community!

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...

How to Send Splunk Observability Alerts to Webex teams in Minutes

As a Developer Evangelist at Splunk, my team and I are constantly tinkering with technology to explore its ...
Top