Combining similar results

FraserC1
Path Finder

If I have the below results:

server_name secondary_id
server1 KB4571703
server1 KB4570508
server1 KB4566425
server2 KB4578013
server3 KB4569751
server3 KB4561600
server3 KB4565351
server4 KB4571703
server4 KB4570508

I would like to combine all instances of "server_name" into one row. Similar to below:

server_name secondary_id
server1 KB4571703
                 KB4570508
                 KB4566425
server2 KB4578013
server3 KB4569751
                 KB4561600
                 KB4565351
server4 KB4571703
                 KB4570508

Any ideas on how this could be achieved?


isoutamo
SplunkTrust

You can try

...
| stats values(secondary_id) as secondary_id by server_name
| table server_name secondary_id

r. Ismo 

FraserC1
Path Finder

Hi @isoutamo ,

Thanks for this, that's given me exactly what I was looking for!
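
Added example, not part of the original thread: a self-contained search that rebuilds the question's rows with makeresults (plus one constructed duplicate row for server4) and runs the answer's stats values() next to list() and dc(). values() returns each KB once per server in lexicographical order, while list() keeps the order and repeats of the incoming events. The field names constructed_sample, secondary_id_as_seen and kb_count are assumptions chosen for illustration.

```spl
| makeresults
| eval constructed_sample="server1,KB4571703 server1,KB4570508 server1,KB4566425 server2,KB4578013 server3,KB4569751 server3,KB4561600 server3,KB4565351 server4,KB4571703 server4,KB4570508 server4,KB4570508"
| makemv delim=" " constructed_sample
| mvexpand constructed_sample
| rex field=constructed_sample "^(?<server_name>[^,]+),(?<secondary_id>.+)$"
| stats values(secondary_id) as secondary_id
        list(secondary_id) as secondary_id_as_seen
        dc(secondary_id) as kb_count
        by server_name
| table server_name secondary_id secondary_id_as_seen kb_count
```

For a patch inventory, values() is usually the right choice because repeated events for the same KB collapse into one entry; list() is capped at 100 values per group by default.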
