Solved: Help with stats table output

adlireza · ‎09-28-2017

I have a dataset that can be represented as below:

Region=A State=1 City=a Product=Apple
Region=A State=1 City=b Product=Apple
Region=A State=1 City=c Product=Orange
Region=B State=1 City=d Product=Pineapple
Region=B State=2 City=e Product=Apple
Region=C State=1 City=f Product=Orange
Region=C State=2 City=g Product=Orange

How can I summarize by Region and State have a stats output table as below:

Region  |  State  | Apple  |  Orange  |  Pineapple
   A    |   1     |    2   |     0    |     0
   B    |   1     |    0   |     1    |     1
   B    |   2     |    1   |     0    |     0
   C    |   1     |    0   |     1    |     0
   C    |   2     |    0   |     1    |     0

HiroshiSatoh · ‎09-28-2017

Try this!

 (your search)   |stats 
count(eval(Product="Apple") as Apple,
count(eval(Product="Orange") as Orange,
count(eval(Product="Pineapple") as Pineapple, by Region,State

※Field extraction is required.
Region,State,Product

View solution in original post

HiroshiSatoh · ‎09-28-2017

Try this!

 (your search)   |stats 
count(eval(Product="Apple") as Apple,
count(eval(Product="Orange") as Orange,
count(eval(Product="Pineapple") as Pineapple, by Region,State

※Field extraction is required.
Region,State,Product

adlireza · ‎10-02-2017

It's missing a few round brackets, but this is the answer that helped me, thanks.

Help with stats table output

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

Help with stats table output

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I