How to get the column result into row wise for multivalue events?

VsplunkV
Explorer

Hi Everyone,

I have multivalues in the events, as per the screenshot below. How can I get the DiskGB value in a row instead of a column? The expected output is shown in the screenshot below. Can someone please help me with the query?

Thank you in advance.

1 Solution

somesoni2
Revered Legend

If your search is like this (last command being stats, aggregate function for Memory can be different)

your base search | ... other code...
| stats max(Memory) as Memory values(DiskGB) as DiskGB by Service

Then try like this

your base search | ... other code...
| stats max(Memory) as Memory values(DiskGB) as DiskGB by Service delim="," | nomv DiskGB
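
An added example, not part of the original answer: the same stats search run over constructed events generated with makeresults, with the multivalue DiskGB collapsed into one comma-separated value by eval mvjoin() as an alternative to delim plus nomv. The sample values and the field names sample_constructed and parts are assumptions made for illustration.

```spl
| makeresults
| eval sample_constructed="web,16,100 web,16,250 db,64,500 db,32,750"
| makemv delim=" " sample_constructed
| mvexpand sample_constructed
| eval parts=split(sample_constructed, ","), Service=mvindex(parts, 0), Memory=tonumber(mvindex(parts, 1)), DiskGB=mvindex(parts, 2)
| stats max(Memory) as Memory values(DiskGB) as DiskGB by Service
| eval DiskGB=mvjoin(DiskGB, ",")
```

To use it on real data, replace the first five lines with your base search; only the final eval is new relative to the stats command above.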
