Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Combining similar results

FraserC1
Path Finder
‎08-20-2020 09:21 AM

If I have the below results:

server_name secondary_id
server1 KB4571703
server1 KB4570508
server1 KB4566425
server2 KB4578013
server3 KB4569751
server3 KB4561600
server3 KB4565351
server4 KB4571703
server4 KB4570508

I would like to combine all instances of "server_name" into one row. Similar to below:

server_name secondary_id
server1 KB4571703
                 KB4570508
                 KB4566425
server2 KB4578013
server3 KB4569751
                 KB4561600
                 KB4565351
server4 KB4571703
                 KB4570508

Any ideas on how this could be achieved?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎08-20-2020 09:36 AM

You can try

...
| stats values(secondary_id) as secondary_id by server_name
| table server_name secondary_id

r. Ismo 

View solution in original post

Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎08-20-2020 09:36 AM

You can try

...
| stats values(secondary_id) as secondary_id by server_name
| table server_name secondary_id

r. Ismo 

Reply
Solved! Jump to solution

FraserC1
Path Finder
‎08-20-2020 02:22 PM

Hi @isoutamo ,

Thanks for this, that's given me exactly what I was looking for!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...