How to relate multi values in a table

HigorAzevedo · ‎01-03-2025

Bom dia!
No cenário apresentado abaixo, não consigo associar os itens em uma tabela dentro do campo DbrfMatrial:
EngineeringCode, ItemDescription, ItemQty, SolutionCode

Usei o índice abaixo!

index=analise Task.TaskStatus="Concluído" Task.DbrfMaterial{}. SolutionCode="410 TROCA DO MOD/PLACA/PECA" State IN ("*") CustomerName IN ("*") ItemCode("*")
| mvexpand Task.DbrfMaterial{}. Código
de Engenharia| pesquise Task.DbrfMaterial{}. CódigoDeEngenharia="*"
| contagem de estatísticas por Task.DbrfMaterial{}. Código
de Engenharia| renomear contagem como Quantidade

| cabeça 20
| tabela Task.DbrfMaterial{}. Quantidade
do código de engenharia| ordenar -Quantidade
| appendcols [ search index=brazilcalldata Task.TaskStatus="Concluído" Task.DbrfMaterial.SolutionCode="410 TROCA DO MOD/PLACA/PECA" CustomerName IN ("*") State IN ("*") Task.DbrfMaterial.EngineeringCode="*" ItemCode = "*"
| stats count, sum(Task.DbrfMaterial.ItemQty) as TotalItemQty by Task.DbrfMaterial.EngineeringCode Task.DbrfMaterial.ItemDescription
| renomeie Task.DbrfMaterial.EngineeringCode como Item, Task.DbrfMaterial.ItemDescription como Descricao, TotalItemQty como "Qtde Itens"
| table Item Descrição "Qtde Itens" count
| sort - "Qtde Itens" ]
| eval TotalQuantity = Quantity + 'Qtde Itens'
| pesquise Task.DbrfMaterial{}. Código de Engenharia!=""
| tabela Task.DbrfMaterial{}. EngineeringCode Quantidade "Qtde Itens" TotalQuantity

HigorAzevedo · ‎01-07-2025

marnall!
Thank you for your support in resolving this issue!

HigorAzevedo · ‎01-06-2025

Good morning Marnall!
Thank you very much for your support....with your help I managed to solve this problem!!!

marnall · ‎01-11-2025

I am glad it is working 🙂

HigorAzevedo · ‎01-03-2025

I would like to view it in the format below

marnall · ‎01-03-2025

Talvez algo assim:

index=analise Task.TaskStatus="Concluído" Task.DbrfMaterial{}. SolutionCode="410 TROCA DO MOD/PLACA/PECA" State IN ("*") CustomerName IN ("*") ItemCode("*")
| spath path=Task.DbrfMaterial{} output=DbrfMaterial
| mvexpand DbrfMaterial
| table TaskNo DbrfMaterial
| spath input=DbrfMaterial path=
| table TaskNo EngineeringCode ItemDescription ItemQty SolutionCode

Como exatamente você gostaria que sua tablela fosse?

How to relate multi values in a table

splunk-assist

troubleshooting

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?

How to relate multi values ​​in a table

splunk-assist

troubleshooting

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

How to relate multi values in a table