Solved: How to turn values into their own field?

russell120 · ‎08-13-2019

Hi. I'd like to grab unique values of a field, and turn them into their own field. And then, to put their corresponding deviceID under them. Please see the example.csv:

classification   deviceID
alpha bravo       1001
alpha bravo       1002
alpha bravo       2002
  bravo           5500
  bravo           6600
  bravo           0077
  alpha           1114
  alpha           3334

How do I create a query to show this CSV manipulated like the below?:

alpha bravo   bravo   alpha
   1001       5500    1114
   1002       6600    3334
   2002       0077

somesoni2 · ‎08-13-2019

Give this a try

your current search giving fields classification,deviceID
| streamstats count as temp by classification
| xyseries temp classification deviceID | fields - temp

View solution in original post

somesoni2 · ‎08-13-2019

Give this a try

your current search giving fields classification,deviceID
| streamstats count as temp by classification
| xyseries temp classification deviceID | fields - temp

russell120 · ‎08-13-2019

Works perfectly. Thanks bro.

How to turn values into their own field?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation