Splunk Search

How do I change the output format of my search results?

SrinivasaC
Path Finder

Hi

Using the search below, I'm getting an output in the format below (A,B,C are headers):

A    B    C
------------------
46   23   34
46   23   45
46   23   67
46   56   26
46   56   48
46   56   16
56   12   21
56   12   43
56   12   54
98   29   67
98   29   98
98   29   64

But as per my client use, I need the output in the format below:

A      B      C
---------------------
46     23     34
              45
              67
46     56     26
              48
              16
---------------------
56     12     21
              43
              54
---------------------
98     29     67
              98
              64
---------------------

I have used stats, List, values, and transaction commands, but it didn't work.

Can I get any help?

Thanks in advance.

Tags (3)
0 Karma
1 Solution

woodcock
Esteemed Legend

This will do it:

 ... | stats list(C) AS C BY A B

View solution in original post

0 Karma

woodcock
Esteemed Legend

This will do it:

 ... | stats list(C) AS C BY A B
0 Karma

SrinivasaC
Path Finder

What if I need all columns would display under one column?
means in output A , B and C should merged into one column as "A".

0 Karma

woodcock
Esteemed Legend

Like this:

... | eval BandC = B . " " . C | stats values(BandC) AS "B C" by A
0 Karma

SrinivasaC
Path Finder

unable to format in html, last two rows would be display in "C" in each of the results.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...