Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

remove specific columns from a table using a search command

harshal_chakran
Builder
‎03-11-2014 12:27 AM

Hi,

I have written a search query in Advanced XML dashboard, which displays the table as follows,

parameter value_one value_two value_three value_four
param1 1 2 3 4
param2 5 6 7 8
param3 9 10 11 12
param4 13 14 15 16

I want to show only some specific columns based on situations such as,

for situation 1:parameter value_three

for situation 2:parameter value_one

for situation 3:parameter ,value_three ,value_four,value_two

I know that putting " table parameter value_(any required value)" solves the problem. But is it possible to hide/remove columns using there column headers name OR is it possible to remove the first three or last three columns from the table using the search query itself.

Kindly help...!!!

0 Karma
Reply

the_wolverine
Champion
‎03-17-2014 08:15 PM

I'm not sure why this question is so difficult. A column = field. So just state the columns that you want and/or state the columns that you do NOT want in your query:

situation 1: your search | fields + value_three
situation 2: your search | fields + value_one
situation 3: your search | fields + value_three, value_four, value_two
OR, your search | fields - value_one

0 Karma
Reply

somesoni2
Revered Legend
‎03-11-2014 09:22 AM

How do you define the situations? Is is a condition based on search result or a user input based on drop down or something?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-11-2014 06:25 AM

Isn't calling table or fields exactly what you describe as the first solution, hide/remove columns using their column header names?

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Splunk ITSI & Correlated Network Visibility

  Now On Demand   Take Your Network Visibility to the Next Level In today’s complex IT environments, ...

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

  Now On Demand  Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research ...

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Automated Archival is a new capability within Metrics Management; which is a robust usage & cost optimization ...
Top