Archive

How to combine information to a list

jenniferhao
Explorer

Hello,

I have a query to get the following lines:
element ID value temp (wanted)
ABC 1 false "false false false true true false"
ABC 4 true "false false false true true false"
ABC 2 false "false false false true true false"
ABC 3 false "false false false true true false"
ABC 5 true "false false false true true false"
ABC 6 false "false false false true true false"

Sort by ID and get their values list "false false false true true false" to a variable .
index="x" sourcetype="y"

| sort 0 element ID
| streamstats list(value) AS temp by element

How can I make the last list "false false false true true false" to temp as above?

Thanks

Tags (1)
0 Karma
1 Solution

mayurr98
SplunkTrust
SplunkTrust

try this:

index="x" sourcetype="y"
| sort 0 element ID
| eventstats list(value) AS temp by element

View solution in original post

0 Karma

mayurr98
SplunkTrust
SplunkTrust

try this:

index="x" sourcetype="y"
| sort 0 element ID
| eventstats list(value) AS temp by element

View solution in original post

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!