I am currently looking to make a table that shows how variables from 5 fields (the first five rows that splunk says have the biggest count) end up being spread into 5 new fields. As of now, I have maxcol and maxrow set to 5. I know the 5 new fields that I want to specifically look at. Is there any way to call these fields out when I am doing the search. My current search looks like this
index=name |'data' | contingency group newgroup maxcols=5 maxrows=5 usetotal=false
I was hoping there would be some way to replace the maxcols=5 with a variable like col1=fielda col2=fieldb etc....
... View more