Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How do I get different field values in different fields that are associated with same field value in another field?

90509
Engager
‎11-18-2019 02:15 AM

Hi,
could you please help me with below info:

user service name device

abc123 baadmin Brahma Louwps121

bcx123 admin siva louwps123

bxc111 admin Brahma Louwps123

abc123 backup vijay Louwps101

cxz123 backup Brahma Louwps123

cxz123 backup raghu Louwps001

czx101 DM1 Brahma Louwps111

from this if I need to find out "Brahma" with that field value the remaining filed values that are associated with remaining field values in another fields.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

493669
Super Champion
‎11-18-2019 02:20 AM

try this-

|stats values(*) as * by name|where name="Brahma"

View solution in original post

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎11-18-2019 02:24 AM

Hi @90509,
I'm not sure to understand your need:

  • you want to group your values by name,
  • then you want to display all the values of the other fields for each name and eventually the count of occurrencies,

is this correct?

If this is your need, you should run a search like this:

index=my_index
| stats values(user) AS user values(service) AS service values(device) AS device count BY name

Ciao.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

90509
Engager
‎11-20-2019 12:10 AM

Thank you . your function is working ,I apologies for not accepting your answer because he has sent first. I hope you have great journey.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎11-20-2019 12:44 AM

No problem!
Anyway, you can upvote other answer!

Ciao and next time!
Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

493669
Super Champion
‎11-18-2019 02:20 AM

try this-

|stats values(*) as * by name|where name="Brahma"
0 Karma
Reply
Solved! Jump to solution

90509
Engager
‎11-20-2019 12:08 AM

Thank you . Have a great journey !

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...