How do I merge events by time to create a table fo...

michaelboesl · ‎10-04-2018

I have a list of events, with the following content

event1: _time=123 Tag="X" Value="12.2"
event2: _time=123 Tag="Y" Value="55.2"
event3: _time=123 Tag="Z" Value="3.2"
event4: _time=234 Tag="X" Value="12.4"
event5: _time=234 Tag="Y" Value="55.0"
event6: _time=234 Tag="Z" Value="2.8"
...

The values are coordinates (X, Y, Z), that i want to visualize in a 3d scatter plot. Unfortunately, i have each coordinate in a single event.

How can i merge those events to create a table afterwards with

(wanted command) | table _time X Y Z

???

The table should have this structure:

_time   X       Y       Z
123     12.2    55.2    3.2
234     12.4    55.0    2.8

michaelboesl · ‎10-15-2018

I received the solution for my problem:
https://stackoverflow.com/questions/52645827/merge-events-by-time-to-create-a-table-for-3d-scatterpl...

How do I merge events by time to create a table for 3D Scatterplot - Custom Visualization?

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI

Join the Conversation

How do I merge events by time to create a table for 3D Scatterplot - Custom Visualization?

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI