Solved: How to turn values into their own field?

russell120 · ‎08-13-2019

Hi. I'd like to grab unique values of a field, and turn them into their own field. And then, to put their corresponding deviceID under them. Please see the example.csv:

classification   deviceID
alpha bravo       1001
alpha bravo       1002
alpha bravo       2002
  bravo           5500
  bravo           6600
  bravo           0077
  alpha           1114
  alpha           3334

How do I create a query to show this CSV manipulated like the below?:

alpha bravo   bravo   alpha
   1001       5500    1114
   1002       6600    3334
   2002       0077

somesoni2 · ‎08-13-2019

Give this a try

your current search giving fields classification,deviceID
| streamstats count as temp by classification
| xyseries temp classification deviceID | fields - temp

View solution in original post

somesoni2 · ‎08-13-2019

Give this a try

your current search giving fields classification,deviceID
| streamstats count as temp by classification
| xyseries temp classification deviceID | fields - temp

russell120 · ‎08-13-2019

Works perfectly. Thanks bro.

How to turn values into their own field?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

How to turn values into their own field?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem