Solved: How to search inverter column?

simo · ‎06-08-2022

hi,

it is possible transforms this table

column a	column b	column c	column d	column e	column f	column g
aaa	bbb	ccc	ddd	eee	fff	ggg

to

column a	column b	column c	column d	name	value
aaa	bbb	ccc	ddd	column e	eee
aaa	bbb	ccc	ddd	column f	fff
aaa	bbb	ccc	ddd	column g	ggg

Simone

mthomas_splunk · ‎06-08-2022

This will implement the manipulation, as per your example.

Generate sample data:

| makeresults 1
| eval _raw="column_a=aaa,column_b=bbb,column_c=ccc,column_d=ddd,column_e=eee,column_f=fff,column_g=ggg"
| extract
| fields - _raw _time _kv

Manipulate data:

| eval column_e=column_e."_-_".column_d."_-_".column_c."_-_".column_b."_-_".column_a
| fields - column_a, column_b, column_c, column_d
| transpose column_name=name
| rename "row 1" AS value
| rex field=value "(?<value>.*)_-_(?<column_d>.*)_-_(?<column_c>.*)_-_(?<column_b>.*)_-_(?<column_a>.*)"
| filldown
| table column_a, column_b, column_c, column_d, name, value

View solution in original post

mthomas_splunk · ‎06-08-2022

This will implement the manipulation, as per your example.

Generate sample data:

| makeresults 1
| eval _raw="column_a=aaa,column_b=bbb,column_c=ccc,column_d=ddd,column_e=eee,column_f=fff,column_g=ggg"
| extract
| fields - _raw _time _kv

Manipulate data:

| eval column_e=column_e."_-_".column_d."_-_".column_c."_-_".column_b."_-_".column_a
| fields - column_a, column_b, column_c, column_d
| transpose column_name=name
| rename "row 1" AS value
| rex field=value "(?<value>.*)_-_(?<column_d>.*)_-_(?<column_c>.*)_-_(?<column_b>.*)_-_(?<column_a>.*)"
| filldown
| table column_a, column_b, column_c, column_d, name, value

How to search inverter column?

other

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability