topic How to create a table with several fields and totals by each value in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-to-create-a-table-with-several-fields-and-totals-by-each/m-p/490013#M136866 <P>Imagine that I have a table of results like this:</P> <PRE><CODE>Field1 Field2 Field3 Field4 Field5 Field6 Field7 Field8 Field9 1 0 1 0 0 3 0 0 3 1 0 3 1 0 1 1 0 0 2 0 1 0 1 3 0 0 3 1 0 3 1 0 1 1 0 1 3 0 2 0 0 3 0 0 3 1 0 3 1 0 3 0 0 1 3 1 1 0 0 1 1 0 3 0 0 3 1 1 2 1 0 1 </CODE></PRE> <P>For each column I want to have the following statistics:<BR /> Field1 with 0 Values: 1<BR /> Field1 with 1 Values: 4<BR /> Field1 with 2 Values: 2<BR /> Field1 with 3 Values: 2<BR /> Field2 with 0 Values: 8<BR /> Field2 with 1 Values: 1<BR /> Field2 with 2 Values: 0<BR /> Field2 with 3 Values: 0<BR /> Field3 with 0 Values: 0<BR /> Field3 with 1 Values: 3<BR /> Field3 with 2 Values: 1<BR /> Field3 with 3 Values: 4<BR /> Field4 with 0 Values: 4<BR /> Field4 with 1 Values: 4<BR /> Field4 with 2 Values: 0<BR /> Field4 with 3 Values: 0<BR /> ...<BR /> until Field9.</P> <P>How can I do this? And it´s possible to adapt to a line chart?</P> <P>Thanks in advance.</P> <P>Best Regards.</P> Wed, 22 Jan 2020 00:01:31 GMT splunk_exercice 2020-01-22T00:01:31Z How to create a table with several fields and totals by each value https://community.splunk.com/t5/Splunk-Search/How-to-create-a-table-with-several-fields-and-totals-by-each/m-p/490013#M136866 <P>Imagine that I have a table of results like this:</P> <PRE><CODE>Field1 Field2 Field3 Field4 Field5 Field6 Field7 Field8 Field9 1 0 1 0 0 3 0 0 3 1 0 3 1 0 1 1 0 0 2 0 1 0 1 3 0 0 3 1 0 3 1 0 1 1 0 1 3 0 2 0 0 3 0 0 3 1 0 3 1 0 3 0 0 1 3 1 1 0 0 1 1 0 3 0 0 3 1 1 2 1 0 1 </CODE></PRE> <P>For each column I want to have the following statistics:<BR /> Field1 with 0 Values: 1<BR /> Field1 with 1 Values: 4<BR /> Field1 with 2 Values: 2<BR /> Field1 with 3 Values: 2<BR /> Field2 with 0 Values: 8<BR /> Field2 with 1 Values: 1<BR /> Field2 with 2 Values: 0<BR /> Field2 with 3 Values: 0<BR /> Field3 with 0 Values: 0<BR /> Field3 with 1 Values: 3<BR /> Field3 with 2 Values: 1<BR /> Field3 with 3 Values: 4<BR /> Field4 with 0 Values: 4<BR /> Field4 with 1 Values: 4<BR /> Field4 with 2 Values: 0<BR /> Field4 with 3 Values: 0<BR /> ...<BR /> until Field9.</P> <P>How can I do this? And it´s possible to adapt to a line chart?</P> <P>Thanks in advance.</P> <P>Best Regards.</P> Wed, 22 Jan 2020 00:01:31 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-a-table-with-several-fields-and-totals-by-each/m-p/490013#M136866 splunk_exercice 2020-01-22T00:01:31Z Re: How to create a table with several fields and totals by each value https://community.splunk.com/t5/Splunk-Search/How-to-create-a-table-with-several-fields-and-totals-by-each/m-p/490014#M136867 <PRE><CODE>| makeresults | eval _raw="Field1,Field2,Field3,Field4,Field5,Field6,Field7,Field8,Field9 1,0,1,0,0,3,0,0,3 1,0,3,1,0,1,1,0,0 2,0,1,0,1,3,0,0,3 1,0,3,1,0,1,1,0,1 3,0,2,0,0,3,0,0,3 1,0,3,1,0,3,0,0,1 3,1,1,0,0,1,1,0,3 0,0,3,1,1,2,1,0,1" | multikv forceheader=1 | table Field1,Field2,Field3,Field4,Field5,Field6,Field7,Field8,Field9 `comment("this is your sample")` `comment("from here , the logic")` | eval tmp=1 | untable tmp field_name value | eventstats count(eval(value=0)) as with0 count(eval(value=1)) as with1, count(eval(value=2)) as with2 count(eval(value=3)) as with3 by field_name | table field_name with* `comment("I think above is enough, but as you want, i do")` | untable field_name with_number value | rex field=with_number mode=sed "s/with(\d)/with \1/" | eval value = "value: ".value </CODE></PRE> <P>Hi, @splunk_exercice<BR /> How about this?</P> Wed, 22 Jan 2020 02:21:48 GMT https://community.splunk.com/t5/Splunk-Search/How-to-create-a-table-with-several-fields-and-totals-by-each/m-p/490014#M136867 to4kawa 2020-01-22T02:21:48Z