Solved: How do I get different field values in different ...

90509 · ‎11-18-2019

Hi,
could you please help me with below info:

user service name device

abc123 baadmin Brahma Louwps121

bcx123 admin siva louwps123

bxc111 admin Brahma Louwps123

abc123 backup vijay Louwps101

cxz123 backup Brahma Louwps123

cxz123 backup raghu Louwps001

czx101 DM1 Brahma Louwps111

from this if I need to find out "Brahma" with that field value the remaining filed values that are associated with remaining field values in another fields.

493669 · ‎11-18-2019

try this-

|stats values(*) as * by name|where name="Brahma"

View solution in original post

gcusello · ‎11-18-2019

Hi @90509,
I'm not sure to understand your need:

you want to group your values by name,
then you want to display all the values of the other fields for each name and eventually the count of occurrencies,

is this correct?

If this is your need, you should run a search like this:

index=my_index
| stats values(user) AS user values(service) AS service values(device) AS device count BY name

Ciao.
Giuseppe

90509 · ‎11-20-2019

Thank you . your function is working ,I apologies for not accepting your answer because he has sent first. I hope you have great journey.

gcusello · ‎11-20-2019

No problem!
Anyway, you can upvote other answer!

Ciao and next time!
Giuseppe

493669 · ‎11-18-2019

try this-

|stats values(*) as * by name|where name="Brahma"

90509 · ‎11-20-2019

Thank you . Have a great journey !

How do I get different field values in different fields that are associated with same field value in another field?

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...