
How to search inverter column?

simo
Path Finder

Hi,

Is it possible to transform this table

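| column a | column b | column c | column d | column e | column f | column g |
| --- | --- | --- | --- | --- | --- | --- |
| aaa | bbb | ccc | ddd | eee | fff | ggg |

to

| column a | column b | column c | column d | name | value |
| --- | --- | --- | --- | --- | --- |
| aaa | bbb | ccc | ddd | column e | eee |
| aaa | bbb | ccc | ddd | column f | fff |
| aaa | bbb | ccc | ddd | column g | ggg |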

Simone


mthomas_splunk
Splunk Employee

This will implement the manipulation, as per your example.

Generate sample data:

| makeresults 1
| eval _raw="column_a=aaa,column_b=bbb,column_c=ccc,column_d=ddd,column_e=eee,column_f=fff,column_g=ggg"
| extract
| fields - _raw _time _kv

Manipulate data:

| eval column_e=column_e."_-_".column_d."_-_".column_c."_-_".column_b."_-_".column_a
| fields - column_a, column_b, column_c, column_d
| transpose column_name=name
| rename "row 1" AS value
| rex field=value "(?<value>.*)_-_(?<column_d>.*)_-_(?<column_c>.*)_-_(?<column_b>.*)_-_(?<column_a>.*)"
| filldown
| table column_a, column_b, column_c, column_d, name, value

0 Karma
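A variant of the same unpivot for inputs with more than one row, given here as an added example that is not part of the original answer: the four columns to keep are packed into one key, `untable` turns every remaining column into a name/value row, and `rex` unpacks the key again. The `key` field name and the generated two-row sample data are assumptions; the `_-_` delimiter is carried over from the answer, and the kept values must not contain it.

```spl
| makeresults count=2
| streamstats count AS n
| eval column_a="aaa".n, column_b="bbb".n, column_c="ccc".n, column_d="ddd".n, column_e="eee".n, column_f="fff".n, column_g="ggg".n
| fields - _time n
| eval key=column_a."_-_".column_b."_-_".column_c."_-_".column_d
| fields - column_a column_b column_c column_d
| untable key name value
| rex field=key "^(?<column_a>.*?)_-_(?<column_b>.*?)_-_(?<column_c>.*?)_-_(?<column_d>.*)$"
| table column_a column_b column_c column_d name value
```

The first four lines only build the sample rows; against real data, start from the `eval key=...` line.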