Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

for a data set with a common request ID but data is scattered in different rows but want to get in 1 line for and just 1 row

varunawasthi9
New Member
‎04-18-2019 08:00 AM

I have a data like I am searching with a request ID

and I get below data like
time 1: request id=1 account details and elapsed time
time 2 request id=1 account codes
time 3 request id= 1 viewname and view 2
time 1: request id=2 account details and elapsed time
time 2 request id=2 account codes
time 3 request id=2 viewname and view2

I want like the below

request id accountdetails accountcd viewname view2
1 abc abc_cd skyview earthview
2 xyz xyz_cd sky1view earthview1

can you please help how can i achive this , thanks in advance

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎04-18-2019 08:54 AM

Give this a try (adjust the field name per yours)

your base search fetching all 3 type of events
| stats values(account_details) as account_details values(accountcd) as accountcd values(viewname) as viewname values(view2) as view2 by request_id
0 Karma
Reply

varunawasthi9
New Member
‎04-18-2019 08:57 AM

also in above the account details contain more than 1 account details for which need those in it like all ones

0 Karma
Reply

somesoni2
Revered Legend
‎04-18-2019 09:07 AM

Could you explain this with an example? (what you're getting right now and what you want)

0 Karma
Reply

varunawasthi9
New Member
‎04-18-2019 08:56 AM

what to do for date if I want to get along with above columns

0 Karma
Reply

somesoni2
Revered Legend
‎04-18-2019 09:05 AM

Based on which time you want, you can include max(_time) as _time OR min(_time) as _time in the stats.

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...