Solved: Can I use data from other rows and set them to a d...

yoshilog · ‎03-19-2021

Hi everyone,

I would like to ask if it's possible to use data from another row, to be set as the value of a different row with the same key... Such as in the table below.

id	username	status
XC2345		completed
XC2345		in progress
XC2345	killjoy	started
ZC9999		in progress
ZC9999	jett	started

In the example above, I would like to set the values for usernames of each row with the same id to the same as the one with values, for them to become like this:

id	username	status
XC2345	killjoy	completed
XC2345	killjoy	in progress
XC2345	killjoy	started
ZC9999	jett	in progress
ZC9999	jett	started

Would above be possible through eval or another function?

manjunathmeti · ‎03-19-2021

hi @yoshilog,
Yes, you can use event stats with the last function.

your_Search | eventstats last(username) as username by id

If this reply helps you, an upvote/like would be appreciated.

View solution in original post

manjunathmeti · ‎03-19-2021

hi @yoshilog,
Yes, you can use event stats with the last function.

your_Search | eventstats last(username) as username by id

If this reply helps you, an upvote/like would be appreciated.

yoshilog · ‎03-21-2021

Thank you. It worked.

Can I use data from other rows and set them to a different row who have the same key?

stats

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms