Solved: How can I create a table with different fields fro...

naveenchappa · ‎11-21-2016

After we process a client file, we get event in splunk as shown in below snapshot.

From these events I want to build a table something like below.

Can someone please help?

Regards,
Naveen

cmerriman · ‎11-22-2016

....|stats values(ERP_WP_PAYSTATEMENTS) as ERP_WP_PAYSTATEMENTS values(CDM_WP_PAYSTATEMENTS) as CDM_WP_PAYSTATEMENTS values(CDM_EE_LIEN_COUNT) as CDM_EE_LIEN_COUNT values(ARFF_WP_PAYSTATEMENTS) as ARFF_WP_PAYSTATEMENTS values(ARFF_EE_LIEN_COUNT) as  ARFF_EE_LIEN_COUNT by TransactionId CLIENT_ID

This should work if the paystatement values are fields. otherwise we might have to create some regex statements.

View solution in original post

cmerriman · ‎11-22-2016

....|stats values(ERP_WP_PAYSTATEMENTS) as ERP_WP_PAYSTATEMENTS values(CDM_WP_PAYSTATEMENTS) as CDM_WP_PAYSTATEMENTS values(CDM_EE_LIEN_COUNT) as CDM_EE_LIEN_COUNT values(ARFF_WP_PAYSTATEMENTS) as ARFF_WP_PAYSTATEMENTS values(ARFF_EE_LIEN_COUNT) as  ARFF_EE_LIEN_COUNT by TransactionId CLIENT_ID

This should work if the paystatement values are fields. otherwise we might have to create some regex statements.

naveenchappa · ‎11-22-2016

Thank you @cmerriman it worked.

How can I create a table with different fields from different events?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

How can I create a table with different fields from different events?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits