Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Add values to the end of table

Abarny
Path Finder
‎04-18-2017 04:07 AM

Hi guys,

Can you tell me if is it possible to add a values on fields to the end of a table to an other fields

Exemple:
For moment I have that 

TitreInit            TitileNew
Title 1            Title 7
                      Title 6
                      Title 5
                      Title 4
                      Title 3
                      Title 2

And i want this :

Title 

Title 7
Title 6
Title 5
Title 4
Title 3
Title 2
Title 1

I do this request : 

index="gta_projets"
|fields logs{}.projectId, logs{}.newTitle  
|rename logs{}.projectId as "NOVA ID"
|join [|search index="gtav2_projects"  projects{}.icma="xxx" 
|fields projects{}.title, projects{}.id 
| rename projects{}.id  as "NOVA ID" ]
| stats values(projects{}.title) as TitreInit, list(logs{}.newTitle) as TitileNew
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

3no
Communicator
‎04-18-2017 04:12 AM

You're looking for coalesce command.

Add this at the end of your request : 

|eval Title = coalesce(TitreInit,TitileNew) | table Title

View solution in original post

Reply
Solved! Jump to solution
Solution

3no
Communicator
‎04-18-2017 04:12 AM

You're looking for coalesce command.

Add this at the end of your request : 

|eval Title = coalesce(TitreInit,TitileNew) | table Title
Reply
Solved! Jump to solution

Abarny
Path Finder
‎04-18-2017 06:02 AM

Thanks you !

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...