Solved: Group row values to column - Summary Index

sreerajrajan · ‎11-26-2015

My summary index search results for a timechart is as below: (index="siabc" | sitimechart sum(Count) by Host)

Time Host Count
19:15 server1 4446
19:15 server2 6536
19:15 server3 5863
19:15 server4 7822
19:20 server1 4461
19:20 server2 6244
19:20 server3 5565
19:20 server4 7713
19:25 server1 4478
19:25 server2 6060
19:25 server3 5715
19:25 server4 7998

How can i change to
Time server1 server2 server3 server4
19:15 4446 6536 5863 7822
19:20 4461 6244 5565 7713
19:25 4478 6060 5715 7998

Richfez · ‎11-26-2015

... mysummarysearch ...
| chart sum(Count) over Time by Host

Give that a try, let us know how it works!

View solution in original post

Richfez · ‎11-26-2015

... mysummarysearch ...
| chart sum(Count) over Time by Host

Give that a try, let us know how it works!

sreerajrajan · ‎11-26-2015

Thanks! it worked.

Group row values to column - Summary Index

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk