Solved: Help with stats table output

adlireza · ‎09-28-2017

I have a dataset that can be represented as below:

Region=A State=1 City=a Product=Apple
Region=A State=1 City=b Product=Apple
Region=A State=1 City=c Product=Orange
Region=B State=1 City=d Product=Pineapple
Region=B State=2 City=e Product=Apple
Region=C State=1 City=f Product=Orange
Region=C State=2 City=g Product=Orange

How can I summarize by Region and State have a stats output table as below:

Region  |  State  | Apple  |  Orange  |  Pineapple
   A    |   1     |    2   |     0    |     0
   B    |   1     |    0   |     1    |     1
   B    |   2     |    1   |     0    |     0
   C    |   1     |    0   |     1    |     0
   C    |   2     |    0   |     1    |     0

HiroshiSatoh · ‎09-28-2017

Try this!

 (your search)   |stats 
count(eval(Product="Apple") as Apple,
count(eval(Product="Orange") as Orange,
count(eval(Product="Pineapple") as Pineapple, by Region,State

※Field extraction is required.
Region,State,Product

View solution in original post

HiroshiSatoh · ‎09-28-2017

Try this!

 (your search)   |stats 
count(eval(Product="Apple") as Apple,
count(eval(Product="Orange") as Orange,
count(eval(Product="Pineapple") as Pineapple, by Region,State

※Field extraction is required.
Region,State,Product

View solution in original post

adlireza · ‎10-02-2017

It's missing a few round brackets, but this is the answer that helped me, thanks.

Help with stats table output

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >