sumanth shetty
Reputation: 2181
Adding custom column / field into splunk result
i am new to splunk and i am trying thing out on my own. This might be an elementary question to most of you , but please be patient in trying to help me out.
| inputlookup "Wsp.csv"
| eval Outage = if(PublisherStatus = "Active", "1","0")
| eval _time=strptime(_time, "%Y-%m-%dT%H:%M:%S")
| eval DayOfWeek=strftime(_time, "%A")
I am trying to add Outage and DayOfWeek to be displayed in the result.
i tried using field Outage and dayofweek but it doesn't display the rest of fields present in Wsp.csv
is it possible to display Wsp + Outage + dayofweek in the search result ? how ?
Upvotes: 0
Views: 2413
Answers (1)
warren
Reputation: 33453
What you've written will add the Outage and DayOfWeek fields to your results
If you want to reorder them, use | table:
| table _time Outage DayOfWeek <rest of fields, or *>
Also, _time shouldn't need to be converted into epoch time: it's an internal field that's always stored in epoch time (unless your CSV is weird)
Upvotes: 0
Related Questions
- Splunk - Add numeric columns and display only that result
- Splunk - Displaying addcoltotals into its own column
- How to display the results of a Splunk map operation together with the original fields?
- How to extract a field from a Splunk search result and do stats on the value of that field
- How to extract a value from fields when using stats()
- Adding custom fields to splunk query
- Assign a value to the variable in Splunk and use that value in the search
- Splunk extracted field in dashboard
- How to add custom field to events in Splunk?
- Extracting certain fields from Splunk query results