Hello everyone,
I'm currently working on a Dashboard to visualize Database latency across various machines, and I'm encountering an issue with the Line Chart's SPL (Search Processing Language). The SPL requirement is to retrieve all values of the field ms_per_block grouped by ds_file_path and machine.
Here's my SPL:
index=development sourcetype=custom_function user_action=database_test ds_file=*
| eval ds_file_path=ds_path."\\".ds_file
| search ds_file_path="\\\\swmfs\\orca_db_january_2024\\type\\rwo.ds"
| chart values(ms_per_block) by ds_file_path machine
My result:
My goal is to have the output where each ds_file_path value is listed in individual rows along with the corresponding machine and ms_per_block values in separate rows. I've tried using the table command:
| table ds_file_path, machine, ms_per_block
But this doesn't give me the desired output. The machine name is under a field, whereas I need the machine name to be a separate field, each containing its respective ms_per_block value.
I feel like I'm missing something here. Any guidance on how to achieve this would be greatly appreciated. Thanks in advance!
Have a look at the transpose command and see the examples; this may work for you.
https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/Transpose
Thanks for the reply @deepakc, but that didn't work for me 🙂