Hi,
I've created a Statistics Table panel in a Dashboard.
My search query looks like:
sourcetype=my_sourcetype my_keyword |fields my_field1, my_field2 | sort +my_field1,+my_field2
But in the table I see also the raw data (_raw column).
Is there a way to exclude the _raw column?
Also, when I try to create a PDF report based on my Dashboard, all panels looks fine, but the Statistics Table panel doesn't contain the selected columns but only timestamp and _raw 😞
Thanks in advance,
Yaniv
Hi,
i think what you should do is replace your fields command with the table command like that:
sourcetype=my_sourcetype my_keyword | table my_field1, my_field2 | sort +my_field1,+my_field2
If you want to use fields command then see the second example in this link
http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/fields
Hi,
i think what you should do is replace your fields command with the table command like that:
sourcetype=my_sourcetype my_keyword | table my_field1, my_field2 | sort +my_field1,+my_field2
Thanks a lot for the quick answer - now it works.
I am pretty new to Splunk.
Yaniv