Dashboards & Visualizations

Group row values to column - Summary Index

sreerajrajan
New Member

My summary index search results for a timechart is as below: (index="siabc" | sitimechart sum(Count) by Host)

Time Host Count
19:15 server1 4446
19:15 server2 6536
19:15 server3 5863
19:15 server4 7822
19:20 server1 4461
19:20 server2 6244
19:20 server3 5565
19:20 server4 7713
19:25 server1 4478
19:25 server2 6060
19:25 server3 5715
19:25 server4 7998

How can i change to
Time server1 server2 server3 server4
19:15 4446 6536 5863 7822
19:20 4461 6244 5565 7713
19:25 4478 6060 5715 7998

0 Karma
1 Solution

Richfez
SplunkTrust
SplunkTrust
... mysummarysearch ...
| chart sum(Count) over Time by Host

Give that a try, let us know how it works!

View solution in original post

0 Karma

Richfez
SplunkTrust
SplunkTrust
... mysummarysearch ...
| chart sum(Count) over Time by Host

Give that a try, let us know how it works!

0 Karma

sreerajrajan
New Member

Thanks! it worked.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...