Solved: How to Transpose Group of Columns in Rows?

mxh7777 · ‎07-26-2022

Hello,
I'd like to transpose a table results by grouping by columns.

Here is my table

time1	event1	time2	event2	time3	event3
01/01/2022	titi	02/01/2022	toto	04/01/2022	tata

I'd like to transpose this structure in this way

time	content
01/01/2022	titi
02/01/2022	toto
04/01/2022	tata

I didn't find a way to solve this

Thans in advance

ITWhisperer · ‎07-26-2022

One way might be something like this

| eval row=mvrange(1,4)
| mvexpand row
| foreach event*
    [| eval content=if(row=<<MATCHSEG1>>,<<FIELD>>,content)]
| foreach time*
    [| eval time=if(row=<<MATCHSEG1>>,<<FIELD>>,time)]
| table time content

View solution in original post

ITWhisperer · ‎07-26-2022

One way might be something like this

| eval row=mvrange(1,4)
| mvexpand row
| foreach event*
    [| eval content=if(row=<<MATCHSEG1>>,<<FIELD>>,content)]
| foreach time*
    [| eval time=if(row=<<MATCHSEG1>>,<<FIELD>>,time)]
| table time content

mxh7777 · ‎07-26-2022

Hi @ITWhisperer

Thanks for this perfect solution !!

How to Transpose Group of Columns in Rows?

data model

Tips & Tricks When Using Ingest Actions

Announcing Our Splunk MVPs

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!