Solved: Add values to the end of table

Abarny · ‎04-18-2017

Hi guys,

Can you tell me if is it possible to add a values on fields to the end of a table to an other fields

Exemple:
For moment I have that

TitreInit            TitileNew
Title 1            Title 7
                      Title 6
                      Title 5
                      Title 4
                      Title 3
                      Title 2

And i want this :

Title 

Title 7
Title 6
Title 5
Title 4
Title 3
Title 2
Title 1

I do this request :

index="gta_projets"
|fields logs{}.projectId, logs{}.newTitle  
|rename logs{}.projectId as "NOVA ID"
|join [|search index="gtav2_projects"  projects{}.icma="xxx" 
|fields projects{}.title, projects{}.id 
| rename projects{}.id  as "NOVA ID" ]
| stats values(projects{}.title) as TitreInit, list(logs{}.newTitle) as TitileNew

3no · ‎04-18-2017

You're looking for coalesce command.

Add this at the end of your request :

|eval Title = coalesce(TitreInit,TitileNew) | table Title

View solution in original post

3no · ‎04-18-2017

You're looking for coalesce command.

Add this at the end of your request :

|eval Title = coalesce(TitreInit,TitileNew) | table Title

Abarny · ‎04-18-2017

Thanks you !

Add values to the end of table

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Splunk App for Anomaly Detection End of Life Announcement

Aligning Observability Costs with Business Value: Practical Strategies

Are you a member of the Splunk Community?

Add values to the end of table

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Splunk App for Anomaly Detection End of Life Announcement

Aligning Observability Costs with Business Value: Practical Strategies