Alerting

How to combine fields in a column of a table

Mrig342
Contributor

Hi All,

I have created the below table using a query as (...... | stats count as Total by Domain,Act_Status)

DomainAct_StatusTotal
ARUNNING65
ASTOPPED2
BRUNNING75
CRUNNING2
CSTOPPED2
DRUNNING26
DSTOPPED6
ERUNNING43

 

Here I want to create the table in a way that the common Domains are in a row like below:

Domain

Act_Status

Total

A

RUNNING

STOPPED

65

2

BRUNNING75
C

RUNNING

STOPPED

2

2

D

RUNNING

STOPPED

26

6

ERUNNING43

 

Please help a modify the query to get the desired output.

 

Thank you.

Labels (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust

Add this to your search

| stats list(Act_Status) as Act_Status list(Total) as Total by Domain
| table Domain Act_Status Total

View solution in original post

Mrig342
Contributor

Thank you very much for the support. That query works fine now.

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Add this to your search

| stats list(Act_Status) as Act_Status list(Total) as Total by Domain
| table Domain Act_Status Total

kamlesh_vaghela
SplunkTrust
SplunkTrust

@Mrig342 

Can you please try this?

YOUR_SEARCH
| stats values(Act_Status) as Act_Status values(Total) as Total by Domain

 

My Sample Search :

| makeresults | eval _raw="Domain	Act_Status	Total
A	RUNNING	65
A	STOPPED	2
B	RUNNING	75
C	RUNNING	2
C	STOPPED	2
D	RUNNING	26
D	STOPPED	6
E	RUNNING	43" | multikv forceheader=1 
| stats values(Act_Status) as Act_Status values(Total) as Total by Domain

 

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...