Solved: How to turn values into their own field?

russell120 · ‎08-13-2019

Hi. I'd like to grab unique values of a field, and turn them into their own field. And then, to put their corresponding deviceID under them. Please see the example.csv:

classification   deviceID
alpha bravo       1001
alpha bravo       1002
alpha bravo       2002
  bravo           5500
  bravo           6600
  bravo           0077
  alpha           1114
  alpha           3334

How do I create a query to show this CSV manipulated like the below?:

alpha bravo   bravo   alpha
   1001       5500    1114
   1002       6600    3334
   2002       0077

somesoni2 · ‎08-13-2019

Give this a try

your current search giving fields classification,deviceID
| streamstats count as temp by classification
| xyseries temp classification deviceID | fields - temp

View solution in original post

somesoni2 · ‎08-13-2019

Give this a try

your current search giving fields classification,deviceID
| streamstats count as temp by classification
| xyseries temp classification deviceID | fields - temp

russell120 · ‎08-13-2019

Works perfectly. Thanks bro.

How to turn values into their own field?

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Are you a member of the Splunk Community?

How to turn values into their own field?

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...