Can you help me create a table like the one in the...

syjayaraj · ‎10-04-2018

Dear Team,

I have data in this format, as shown in actual and expecting results as shown in expected. Is this achievable? May i request your heIp?

kamlesh_vaghela · ‎10-04-2018

@syjayaraj

Can you please try this?

YOUR_SEARCH
| table Label Value OID | chart values(Value) as Value over OID by Label

Sample Search:

|makeresults | eval data="Admin Status|2|505,SSH|2|505,Serial Number|FYUUU5|505,Admin Status|2|506,SSH|2|506,Serial Number|FYUUU6|506" | eval data =split(data,",") | mvexpand data | eval Label=mvindex(split(data,"|"),0),Value=mvindex(split(data,"|"),1),OID=mvindex(split(data,"|"),2) | table Label Value OID | chart values(Value) as Value over OID by Label

Thanks

kamlesh_vaghela · ‎10-05-2018

@syjayaraj

Have you tried this?

harishalipaka · ‎10-04-2018

hi @syjayaraj

try below,it is helped pls accept answer 🙂

|makeresults |eval Label="Admin status" ,Value=2,OID=505 |append [|makeresults |eval Label="SSH" ,Value=2,OID=505]|append [|makeresults |eval Label="Serial number" ,Value="FYUUU5",OID=505]|append [|makeresults |eval Label="Admin status" ,Value=2,OID=506]|append [|makeresults |eval Label="SSH" ,Value=1,OID=506]|append [|makeresults |eval Label="Serial number" ,Value="FYUUU6",OID=506] |table Label Value OID |chart values(Value) over OID by Label

Thanks
Harish

Can you help me create a table like the one in the following example?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?

Can you help me create a table like the one in the following example?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability