Getting Data In

Can you help me output field name, value from stats table to CSV?

benthehen100
Engager

Hello,

I'm trying to get a very specific output format that can be fed into our ticketing system.

I have the following table in Splunk, top line is field names:

sender                             recipient                                 subject
lolwut@domain.com     bob@company.com                                   example1
lolwut@domain.com     alice@company.com                                   example2

This can either be a table or a set of stats values() multivalue fields.

I need the final table to output to a CSV like this:

sender            lolwut@domain.com
sender            lolwut@domain.com
recipient         bob@company.com
recipient          alice@company.com
subject            example1
subject            example2
0 Karma
1 Solution

somesoni2
SplunkTrust
SplunkTrust

Give this a try

your current search giving fields sender recipient subject
| eval temp=1 
| untable temp fieldName fieldValue
| fields - temp

View solution in original post

somesoni2
SplunkTrust
SplunkTrust

Give this a try

your current search giving fields sender recipient subject
| eval temp=1 
| untable temp fieldName fieldValue
| fields - temp

benthehen100
Engager

This worked for me, never heard of the untable command and the doc is a bit weak but this got what I needed. Thank you much!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...