topic Re: How to fetch relevant data from the different log lines based on a unique ID ? in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-to-fetch-relevant-data-from-the-different-log-lines-based-on/m-p/530791#M149946 <LI-CODE lang="markup">index=_internal | head 1 | fields _raw | eval _raw="Time=DDMMY ID=001 INFO Requester=Bob Time=DDMMY ID=001 INFO Request Type=Normal Time=DDMMYY ID=001 INFO Request Status=success" | multikv noheader=t | table _raw | rex "(?&lt;comment&gt;(?# the logic))" | kv | stats last(Time) as Time values(Requester) as Requester values(Type) as Request_Type values(Status) as Request_Status by ID</LI-CODE> Wed, 25 Nov 2020 11:00:45 GMT to4kawa 2020-11-25T11:00:45Z How to fetch relevant data from the different log lines based on a unique ID ? https://community.splunk.com/t5/Splunk-Search/How-to-fetch-relevant-data-from-the-different-log-lines-based-on/m-p/530788#M149945 <DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><P>Hi There,</P><P>I need to fetch some data based on a unique ID from the different log lines can you please help me with the search query.</P><P>Example for relevant logs with unique ID will be:</P><P>Time=DDMMY ID=001 INFO Requester=Bob</P><P>Time=DDMMY ID=001 INFO Request Type=Normal</P><P>Time=DDMMYY ID=001 INFO Request Status=success</P><P>&nbsp;</P><P>So, need them in this format</P><P>Time&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ID&nbsp; &nbsp;Requester&nbsp;Request Type&nbsp;Request Status</P><P>DDMMYY&nbsp; &nbsp; &nbsp; &nbsp; 001&nbsp; &nbsp; &nbsp; &nbsp;Bob&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Normal&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Success</P><P>&nbsp;</P><P>Please Help. Thanks in advance.</P><P>&nbsp;</P> Wed, 25 Nov 2020 10:13:40 GMT https://community.splunk.com/t5/Splunk-Search/How-to-fetch-relevant-data-from-the-different-log-lines-based-on/m-p/530788#M149945 2chs 2020-11-25T10:13:40Z Re: How to fetch relevant data from the different log lines based on a unique ID ? https://community.splunk.com/t5/Splunk-Search/How-to-fetch-relevant-data-from-the-different-log-lines-based-on/m-p/530791#M149946 <LI-CODE lang="markup">index=_internal | head 1 | fields _raw | eval _raw="Time=DDMMY ID=001 INFO Requester=Bob Time=DDMMY ID=001 INFO Request Type=Normal Time=DDMMYY ID=001 INFO Request Status=success" | multikv noheader=t | table _raw | rex "(?&lt;comment&gt;(?# the logic))" | kv | stats last(Time) as Time values(Requester) as Requester values(Type) as Request_Type values(Status) as Request_Status by ID</LI-CODE> Wed, 25 Nov 2020 11:00:45 GMT https://community.splunk.com/t5/Splunk-Search/How-to-fetch-relevant-data-from-the-different-log-lines-based-on/m-p/530791#M149946 to4kawa 2020-11-25T11:00:45Z