上QQ阅读APP看书,第一时间看更新
Split
The Splunk configuration options that are available for split (row and column) depend on the type of attributes you choose for them.
Note
Some split configuration options are specific to either row or column elements, while others are available to either element type.
These configuration options, regardless of the attribute type, are as follows:
- Both split row and split column:
- Max rows and max columns: This is the maximum number of rows or columns that can appear in the results table
- Totals: This will indicate whether to include a row or column that represents the total of all others in an attribute called ALL
- Only split row elements:
- Label: This is used to override the attribute name with a different text or character string
- Sort: This is used to reorder the split rows
- Only split column:
- Group others: This indicates whether to group any results excluded by the max columns limit into a separate other column
Configuration options dependent on the attribute type are:
- String attributes:
- There are no configuration options specific to string attributes that are common to both split row and split column elements
- Numeric attributes:
- Create ranges: This indicates whether or not you want your numeric values represented as ranges (Yes) or listed separately (No)
- Boolean attributes:
- You can provide alternate labels for true and false values
- Timestamp attributes:
- Period: You can use this to bucket your timestamp results by
Year,Month,Day,Hour,Minute, orSecond
- Period: You can use this to bucket your timestamp results by