Solved: retrieve search fields as table

ma_anand1984 · ‎04-24-2012

I'm extracting a field say JVM (in props.conf). Now I want to write a search where i want JVM in one column and source in another. Just two columns. How can i achieve that?

kristian_kolb · ‎04-24-2012

* | dedup JVM source | table JVM source

this will create a table with the unique combinations of JVM and source.

* | dedup JVM | table JVM source

will find unique values of JVM, and table them along with the corresponding source value.

/kristian

View solution in original post

kristian_kolb · ‎04-24-2012

* | dedup JVM source | table JVM source

this will create a table with the unique combinations of JVM and source.

* | dedup JVM | table JVM source

will find unique values of JVM, and table them along with the corresponding source value.

/kristian

ma_anand1984 · ‎04-24-2012

Thank you Kristian. this time im sure gonna tell your wife 😉

MHibbin · ‎04-24-2012

*| table JVM source

ma_anand1984 · ‎04-24-2012

thank you 🙂

MHibbin · ‎04-24-2012

... what kristian said 🙂

ma_anand1984 · ‎04-24-2012

Thank you. How can i get only unique values

retrieve search fields as table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Join the Conversation