Solved: how to Convert single row values to multiple rows ...

hqw · ‎12-07-2015

Hi all,

I want to convert a table for further calculation, there are two columns and they came from different part and join by appendcols command. database_count is a standard number in my database, which is directly extracted from database and then saved as a saved report. Now I want to compare the difference in each hour of real working number. After run my search, my result is as displayed, but it only has a standard number in the first row. What I want is to fill all the rows with that number, so later I can calculate the difference by each hour.

Please kindly help. thanks.

What I want:

hour    current_reporting   database_count
00            33                  494
01          25                494
02          19                494
03          15                494

My search:

NOT Reference  |eval hour=strftime(_time,"%H") | stats   values(name) as name_values   by hour  | stats dc(name_values) AS current_reporting by hour |appendcols [|savedsearch monitoring_data|search tags="*"  | stats dc(name) as database_count]

sundareshr · ‎12-07-2015

I think you may be able to do

.. | eventstats sum(database_count) as databasecount

View solution in original post

sundareshr · ‎12-07-2015

I think you may be able to do

.. | eventstats sum(database_count) as databasecount

hqw · ‎12-07-2015

Sorry Sundareshr, i misunderstood you, now it is working fine now, thanks a lot.

hqw · ‎12-07-2015

hello Sundareshr,

thanks for your reply, but it is not working

how to Convert single row values to multiple rows after appendcols