I am new to Splunk and I am trying things out on my own. This might be an elementary question to most of you, but please be patient in trying to help me out.

| inputlookup "Wsp.csv"
| eval Outage = if(PublisherStatus = "Active", "1","0")
| eval _time=strptime(_time, "%Y-%m-%dT%H:%M:%S")
| eval DayOfWeek=strftime(_time, "%A")

I am trying to add Outage and DayOfWeek to be displayed in the result.

I tried using field Outage and dayofweek, but it doesn't display the rest of the fields present in Wsp.csv.

Is it possible to display Wsp + Outage + dayofweek in the search result? How?

sumanth shetty

1 Answer

What you've written will add the Outage and DayOfWeek fields to your results.

If you want to reorder them, use | table:

| table _time Outage DayOfWeek <rest of fields, or *>

Also, _time shouldn't need to be converted into epoch time: it's an internal field that's always stored in epoch time (unless your CSV is weird).

warren