Tables, charts, and fields
After reading Chapter 2, Advanced Searching, you should know that when you run a Splunk search, your command pipeline determines which search result's tab (or tabs) will get populated. We know that if you are concentrating on retrieving events, your results will be returned in the Events tab, while event transformations will be visible in the Statistics and Visualization tabs.
In this chapter, we will cover the transformation of event data, and therefore, the Statistics and Visualization tabs.
Splunking into tables
Splunking your search results into a table might be the easiest and most straightforward method of transforming your search results into a more readable form. Rather than looking at raw event data, you can use Splunk commands to reduce the noise of the raw events into the Splunk Statistics tab, presented as a table in the tab.
You can utilize Splunk's
fields command to improve the level of readability of the Statistics tab by keeping or removing...
