Two dimentional table with static headers (row and...

shayhibah · ‎08-27-2018

Hi,
I would like to create the following table:

The values inside the table should be filled based on search results.
I tired so many option but I could not find a solution to this.

Does anyone have the correct full answer?

mayurr98 · ‎08-27-2018

can you give sample 2-3 events and output you want?

kamlesh_vaghela · ‎08-27-2018

@shayhibah

You can achieve this by the following search.

YOUR_SEARCH | append [
| makeresults | eval Fields="A,B,C,D,E", Fields=split(Fields,",") | mvexpand Fields | eval Blue="", Red="" | table Fields Blue Red ] | stats values(Blue) as Blue values(Red) as Red by Fields

I have used field Fields to define "A,B,C,D,E" values. You can change it as per your requirement.

Note:

YOUR_SEARCH should return column Fields with "A,B,C,D,E" values and Red Blue column. It might be all OR some values.

Please try and let me know if any help required.

Thanks

Two dimentional table with static headers (row and column) and dynamically values

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation