Solved: Create data table conditinally

dhirendra761 · ‎11-21-2018

My logs are below content :

Export of US successfully transferred to FR
Import successfully ended on US from export of FR with exit code 0
Export successfully ended on SP with exit code 0

means that
* file created on FR server was copied into the server of FR : OK
*the DATA from FR was added to US : OK

based on below logs I Need to create below table.

++++Exports+++

GE SP FR UK

GE Blank OK OK KO

SP OK Blank OK KO

FR OK OK Blank OK

UK OK OK OK Blank

Is it possible to create table like this. Export is table and bold tags are rows and columns of table.
I am trying a lot, but not succeeding. Any help will be appreciated.

493669 · ‎11-21-2018

As already stated,
if you want to make blank for same field values try where/search condition like below-

|where File_Created!=File_Copied| maketable File_Created,File_Copied,count| rename File_Created as Country

View solution in original post

493669 · ‎11-21-2018

As already stated,
if you want to make blank for same field values try where/search condition like below-

|where File_Created!=File_Copied| maketable File_Created,File_Copied,count| rename File_Created as Country

Create data table conditinally

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation