Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I make transpose work for all more than 5 days of data?

ashidhingra
Path Finder
‎07-20-2022 10:30 AM

My actual query as all this data.

ashidhingra_0-1658338219120.png

 


but after i use transpose 

| sort by _time desc
| eval mytime=strftime(_time, "%B %d %Y")
| fields - _* | transpose header_field=mytime

I only see the result for first 5 columns 

ashidhingra_1-1658338252531.png

 



How can i make transpose work for all more than 5days of data

Also is there a way to generically format the color. Because the date changes. 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-20-2022 10:51 AM

Try this

| transpose 0 header_field=mytime

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-20-2022 10:51 AM

Try this

| transpose 0 header_field=mytime
0 Karma
Reply
Solved! Jump to solution

ashidhingra
Path Finder
‎07-20-2022 10:54 AM

Thanks @ITWhisperer  you are the best!!

is there a way to generically format the color as the date changes everyday/

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...