Solved: How to search inverter column?

simo · ‎06-08-2022

hi,

it is possible transforms this table

column a	column b	column c	column d	column e	column f	column g
aaa	bbb	ccc	ddd	eee	fff	ggg

to

column a	column b	column c	column d	name	value
aaa	bbb	ccc	ddd	column e	eee
aaa	bbb	ccc	ddd	column f	fff
aaa	bbb	ccc	ddd	column g	ggg

Simone

mthomas_splunk · ‎06-08-2022

This will implement the manipulation, as per your example.

Generate sample data:

| makeresults 1
| eval _raw="column_a=aaa,column_b=bbb,column_c=ccc,column_d=ddd,column_e=eee,column_f=fff,column_g=ggg"
| extract
| fields - _raw _time _kv

Manipulate data:

| eval column_e=column_e."_-_".column_d."_-_".column_c."_-_".column_b."_-_".column_a
| fields - column_a, column_b, column_c, column_d
| transpose column_name=name
| rename "row 1" AS value
| rex field=value "(?<value>.*)_-_(?<column_d>.*)_-_(?<column_c>.*)_-_(?<column_b>.*)_-_(?<column_a>.*)"
| filldown
| table column_a, column_b, column_c, column_d, name, value

View solution in original post

mthomas_splunk · ‎06-08-2022

This will implement the manipulation, as per your example.

Generate sample data:

| makeresults 1
| eval _raw="column_a=aaa,column_b=bbb,column_c=ccc,column_d=ddd,column_e=eee,column_f=fff,column_g=ggg"
| extract
| fields - _raw _time _kv

Manipulate data:

| eval column_e=column_e."_-_".column_d."_-_".column_c."_-_".column_b."_-_".column_a
| fields - column_a, column_b, column_c, column_d
| transpose column_name=name
| rename "row 1" AS value
| rex field=value "(?<value>.*)_-_(?<column_d>.*)_-_(?<column_c>.*)_-_(?<column_b>.*)_-_(?<column_a>.*)"
| filldown
| table column_a, column_b, column_c, column_d, name, value

How to search inverter column?

other

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk