Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Create a Table view of Columns from Source file

Mallik657
Explorer
‎11-09-2023 04:25 AM

I have a source file with comma separated fields, I have to create a table where I need combine and show statistics of different products.

Data file fields - TeamName,EmploymentType,Skills,TrainingCompleted

Source File data:
TeamA,Contract,Java,Yes
TeamA,Contract,DotNet,No
TeamA,Contract,C++,Yes
TeamA,Contract,ReactJS,No
TeamB,Permanent,Java,Yes
TeamB,Permanent,DotNet,No
TeamB,Permanent,C++,Yes
TeamB,Permanent,ReactJS,No
TeamC,Contract,Java,Yes
TeamC,Contract,DotNet,No
TeamC,Contract,C++,Yes
TeamC,Contract,ReactJS,No
TeamD,Permanent,Java,Yes
TeamD,Permanent,DotNet,No
TeamD,Permanent,C,Yes
TeamD,Permanent,ReactJS,No
TeamE,Contract,Java,Yes
TeamE,Contract,DotNet,No
TeamE,Contract,Java,Yes

Now the requirement is to create a table view of source file with below columns:

TeamNameEmploymentTypeSkillsTrainingCompletedTeam AppearanceTraining Completion%
TeamAContractJava,DotNet,ReactJS,C++2450%
TeamBPermanentJava,DotNet,ReactJS,C++2450%
TeamCContractJava,DotNet,ReactJS,C++2450%
TeamDPermanentJava,DotNet,ReactJS,C2450%
TeamEContractJava,Dotnet2367%

 

Please give me the exact query. I am beginner in Splunk. 

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-09-2023 04:49 AM 
| stats values(Skills) as Skills count(eval(TrainingCompleted=="Yes")) as TrainingCompleted count as "Team Appearance" by TeamName EmploymentType
| eval Skills=mvjoin(Skills,",")
| eval "TrainingCompleted%"=round(100*TrainingCompleted/'Team Appearance',0)."%"

View solution in original post

Reply
Solved! Jump to solution

Mallik657
Explorer
‎11-15-2023 11:44 PM

Thank you @ITWhisperer   Can you also help me on how I can add another column  "Previous week Training Completion%" 

So that I can compare what is the progress from previous week to present week Training completion.

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-16-2023 01:51 AM

That is a different question, given that you don't appear to have any dates in your dataset.

0 Karma
Reply
Solved! Jump to solution

Mallik657
Explorer
‎11-16-2023 03:40 AM

@ITWhisperer  Yes that's right. Once in a week the the progress data file will be pushed to Splunk. So how can we compare previous week and this week data for Training completion percentage?

So that i know the progress from the last week to this week.

 

I can post a new question if needed 🙂 

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-09-2023 04:49 AM 
| stats values(Skills) as Skills count(eval(TrainingCompleted=="Yes")) as TrainingCompleted count as "Team Appearance" by TeamName EmploymentType
| eval Skills=mvjoin(Skills,",")
| eval "TrainingCompleted%"=round(100*TrainingCompleted/'Team Appearance',0)."%"
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...