Table: Splunk Commands Tutorials & Reference

Commands Category: Filtering

Commands: table

Use: The table command returns a table that is formed by only the fields that you specify in the arguments. Columns are displayed in the same order that fields are specified. Column headers are the field names. Rows are the field values. Each row represents an event.

---

Example from homeworkdataset.csv

host=homework usr=* state=* | table user state

---

homework Server's Time

host=homework usr=* | eval timesstamp=strftime(_time, "%I:%M") | table timesstamp usr

---

---

Example from homeworkdataset.csv

host=homework
host=homework domain=*
host=homework domain=* type=fail* OR lock*
host=homework domain=* type=fail* OR lock* | table domain type
host=homework domain=* type=fail* OR lock* | table _time domain type
host=homework domain=* usr=* type=fail* OR lock* | table _time usr domain type

---

---

Search for recent earthquakes in and around California and display only the time of the quake (Datetime), where it occurred (Region), and the quake's magnitude (Magnitude) and depth (Depth). Samplefile-all_month_earthquakes.csv

index=usgs_* source=usgs place=*California | table time, place, mag, depth

---

Show the date, time, coordinates, and magnitude of each recent earthquake in Northern California.Samplefile:-all_month_earthquakes.csv

index=usgs_* source=usgs place=*California | rename lat as latitude lon as longitude | table time, place, lat*, lon*, mag

---

Search for IP addresses and classify the network they belong to. Samplefile:- tutorialdata.zip

sourcetype=access_* | dedup clientip | eval network=if(cidrmatch("192.0.0.0/16", clientip), "local", "other") | table clientip, network

---

Keep only the fields source, sourcetype, host, and all fields beginning with error.

index=web sourcetype=access* status=200 product_name=* | table JSESSIONID, product_name, price

index=web sourcetype=access* status=200 product_name=* | table JSESSIONID, product_name, price | rename JSESSIONID as "User Session"

index=web sourcetype=access* status=200 product_name=* | table JSESSIONID, product_name, price | rename JSESSIONID as "User Session" product_name as "Purchased Game" price as "Purchased Price" | fields - "User Session"

---

Example for sample data(tutorialdata)

index=security sourcetype=history* Address_Description="San Francisco" | table Username First_Name Last_Name

index=security sourcetype=history* Address_Description="San Francisco" 
| dedup Username
| table Username First_Name Last_Name

---

Example for sample data(tutorialdata)

index=security sourcetype=history* Address_Description="San Francisco" | table Username First_Name Last_Name

index=security sourcetype=history* Address_Description="San Francisco" 
| dedup First_Name Last_Name
| table Username First_Name Last_Name

---

Avail Rajesh Kumar as trainer at 50% Discount Puppet Online Training Enroll Now Puppet Classroom TrainingEnroll Now