How to separate out basic search of splunk in two different columns?
I am new to Splunk and facing an issue in separating out the two columns of the query. I tried with the below query and found the results as shown below in table1
...|
append
[ search index="pd" "successful" "notif/output/"
| stats count by _raw
| fields count
| rename _raw as Dtransfer]
|
append
[ search index="pd" "SBID=nr" "DM" "PAM=sende" "notif/archive/"
| stats count by _raw
| fields count
| rename _raw as DMCopy]
How do I achieve the expected result shown in Table 2? I need to display two separate columns DtransferCount and DMCopyCount
Solution
Give the counts different names and they'll be in separate columns.
...
| append [search index="pd" "successful" "notif/output/"
| stats count as DtransferCount by _raw
| fields DtransferCount
| rename _raw as Dtransfer]
| append [search index="pd" "SBID=nr" "DM" "PAM=sende" "notif/archive/"
| stats count as DMCopyCount by _raw
| fields DMCopyCount
| rename _raw as DMCopy]
- How to determine the length of an array field in Splunk?
- Splunk query to find those final results that has events with unique combination of values of two keys in results of main search criteria
- login-info.cfg Splunk file semantic and structure
- Splunk SignalFX Synthetics: Is it possible to retrieve environment variable values in Javascript
- query splunk query joining 2 data tables
- Form a results table view from splunk multiple logs
- Exclude unnecessary logs being sent to splunk cloud platform
- How to Attach Splunk Search Results In JIra Via Terraform Automation?
- Regex Substitue only on a specific group - sedcmd (Splunk)
- Regex to only return matches when followed by a specific word
- embeding conf files into helm chart
- Splunk Logs for Faster Queries, with Category Boolean true
- How to create a timechart in splunk for the timestamp and extracted field?
- Match regex named group up until optional word
- How can I access the TraceId generated by splunk-otel-collector within an ASP.NET web application?
- Splunk result in Table format
- Splunk: How to compute the difference of timestamps by id?
- SPLUNK: How can I count events by location with a list of SERVERNAME's?
- How to represent difference between same fields from two different and simultaneous searches in a table format in Splunk?
- Java 11 HttpClient - POST issue
- Flume sink to Splunk?
- Questions related to splunk builtin macros in correlation search
- how to send the local file using splunk forwarder docker image?
- A table of counts of http status by URL
- How do I use a specific date/time in Splunk dashboard with earliest and latest?
- Splunk - Handling a blank token for a dashboard search
- Splunk - Extracting from search results using regex and aggregates
- Splunk - Grouping by distinct field with stats of another field
- Trying to log to Splunk using logback appender
- How can I download infinite results from a Splunk Search to Export the Data