Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Creating a custom column in pivot table

ringbbg
Engager
‎01-31-2017 05:14 PM

HI All. I am trying to create a pivot table to display events happening in our network realtime.
On the Y axis, (Split Columns View), I want to add a field or data that count how many times has that particular event has happened in the set time frame, i.e. 24 hours. right now, since i am unable to do it, i just specied the column axis as "source" -> "list distinct values". just so I do not have an empty column. Can anyone help on how to do that? Thanks

| pivot Test2 Network_mon values(source) AS "Log Directory" SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message | sort 0 -_time

Tags (1)
0 Karma
Reply

rjthibod
Champion
‎02-01-2017 03:39 AM

How about this?

| pivot Test2 Network_mon count(Network_mon) as count SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message | sort 0 -_time
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...