Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Creating a custom column in pivot table

ringbbg
Engager
‎01-31-2017 05:14 PM

HI All. I am trying to create a pivot table to display events happening in our network realtime.
On the Y axis, (Split Columns View), I want to add a field or data that count how many times has that particular event has happened in the set time frame, i.e. 24 hours. right now, since i am unable to do it, i just specied the column axis as "source" -> "list distinct values". just so I do not have an empty column. Can anyone help on how to do that? Thanks

| pivot Test2 Network_mon values(source) AS "Log Directory" SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message | sort 0 -_time

Tags (1)
0 Karma
Reply

rjthibod
Champion
‎02-01-2017 03:39 AM

How about this?

| pivot Test2 Network_mon count(Network_mon) as count SPLITROW _time AS _time PERIOD second SPLITROW host AS host SPLITROW ip AS "peer IP" SPLITROW process AS process SPLITROW syslog_message AS syslog_message | sort 0 -_time
0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...