Splunk Search

remove specific columns from a table using a search command


I have written a search query in Advanced XML dashboard, which displays the table as follows,

parameter value_one value_two value_three value_four
param1 1 2 3 4
param2 5 6 7 8
param3 9 10 11 12
param4 13 14 15 16

I want to show only some specific columns based on situations such as,

for situation 1:parameter value_three

for situation 2:parameter value_one

for situation 3:parameter ,value_three ,value_four,value_two

I know that putting " table parameter value_(any required value)" solves the problem. But is it possible to hide/remove columns using there column headers name OR is it possible to remove the first three or last three columns from the table using the search query itself.

Kindly help...!!!

0 Karma


I'm not sure why this question is so difficult. A column = field. So just state the columns that you want and/or state the columns that you do NOT want in your query:

situation 1: your search | fields + value_three
situation 2: your search | fields + value_one
situation 3: your search | fields + value_three, value_four, value_two
OR, your search | fields - value_one

0 Karma

Revered Legend

How do you define the situations? Is is a condition based on search result or a user input based on drop down or something?

0 Karma


Isn't calling table or fields exactly what you describe as the first solution, hide/remove columns using their column header names?

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!