Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I get different field values in different fields that are associated with same field value in another field?

90509
Engager
‎11-18-2019 02:15 AM

Hi,
could you please help me with below info:

user service name device

abc123 baadmin Brahma Louwps121

bcx123 admin siva louwps123

bxc111 admin Brahma Louwps123

abc123 backup vijay Louwps101

cxz123 backup Brahma Louwps123

cxz123 backup raghu Louwps001

czx101 DM1 Brahma Louwps111

from this if I need to find out "Brahma" with that field value the remaining filed values that are associated with remaining field values in another fields.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

493669
Super Champion
‎11-18-2019 02:20 AM

try this-

|stats values(*) as * by name|where name="Brahma"

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎11-18-2019 02:24 AM

Hi @90509,
I'm not sure to understand your need:

  • you want to group your values by name,
  • then you want to display all the values of the other fields for each name and eventually the count of occurrencies,

is this correct?

If this is your need, you should run a search like this:

index=my_index
| stats values(user) AS user values(service) AS service values(device) AS device count BY name

Ciao.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

90509
Engager
‎11-20-2019 12:10 AM

Thank you . your function is working ,I apologies for not accepting your answer because he has sent first. I hope you have great journey.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎11-20-2019 12:44 AM

No problem!
Anyway, you can upvote other answer!

Ciao and next time!
Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

493669
Super Champion
‎11-18-2019 02:20 AM

try this-

|stats values(*) as * by name|where name="Brahma"
0 Karma
Reply
Solved! Jump to solution

90509
Engager
‎11-20-2019 12:08 AM

Thank you . Have a great journey !

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

  Now On Demand  Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research ...

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Automated Archival is a new capability within Metrics Management; which is a robust usage & cost optimization ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...
Top