Creating a Data Table from CSV

ezajac
Path Finder

I am new to Splunk and only really understand the STATS Functions.

I have some CSV files that contain the fields that contain average response times for some testing that is performed monthly. ("Date", "OperationName", "Duration", "When")

This is the function I am running and each line only has one line so this kind of works for what I want to present in Splunk. Is there a better way to do this?

index="perf_results" | stats avg(Duration) as Duration by OperationName, When

What is getting returned looks like this

| OperationName | When | Duration |
| --- | --- | --- |
| Event 1 | May | 165 |
| Event 1 | June | 168 |
| Event 1 | July | 110 |
| Event 1 | August | 114 |
| Event 2 | May | 686 |
| Event 2 | June | 885 |
| Event 2 | July | 777 |
| Event 2 | August | 600 |

What I would like is a report that presents information like this:

| OperationName | May | June | July | August |
| --- | --- | --- | --- | --- |
| Event 1 | 165 | 168 | 110 | 114 |
| Event 2 | 686 | 885 | 777 | 600 |
| Event 3 | 1000 | 1004 | 1100 | 1000 |

0 Karma
1 Solution

kristian_kolb
Ultra Champion

Try chart instead of stats:

... | chart avg(Duration) AS Duration over OperationName by When

Hope this helps,

Kristian
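The pivot from the answer above, as an added example that is not part of the original post: it rebuilds the question's eight sample rows with makeresults so it runs without the perf_results index (the field name constructed_rows is an assumption of this example and holds constructed data), then sets the column order explicitly, because chart emits the When columns in alphabetical order (August, July, June, May) rather than calendar order.

```spl
| makeresults
| eval constructed_rows="Event 1,May,165;Event 1,June,168;Event 1,July,110;Event 1,August,114;Event 2,May,686;Event 2,June,885;Event 2,July,777;Event 2,August,600"
| makemv delim=";" constructed_rows
| mvexpand constructed_rows
| rex field=constructed_rows "^(?<OperationName>[^,]+),(?<When>[^,]+),(?<Duration>\d+)$"
| chart avg(Duration) AS Duration over OperationName by When
| table OperationName May June July August
```

With a single aggregation and a by field, chart names each column after the When value, so the AS Duration alias does not appear in the output. chart also keeps 10 split-by columns by default and folds the rest into OTHER, so add limit=0 to the chart command once a full year of months is indexed.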

kristian_kolb
Ultra Champion

While your soul is withering away at the slot machines, doused in cheap liquor - just think of all the fun I'll have with my Karma points.

😉

0 Karma

Drainy
Champion

Glad to see you take your win in your stride 😄

kristian_kolb
Ultra Champion

HAHA, .conf starts today, and you've been found wanting....

Drainy
Champion

Just to voice that this is the best answer, I cannot upvote it for political reasons 😉
