Splunk Search

How do I get different field values in different fields that are associated with same field value in another field?

90509
Engager

Hi,
Could you please help me with the info below:

user     service   name     device
abc123   baadmin   Brahma   Louwps121
bcx123   admin     siva     louwps123
bxc111   admin     Brahma   Louwps123
abc123   backup    vijay    Louwps101
cxz123   backup    Brahma   Louwps123
cxz123   backup    raghu    Louwps001
czx101   DM1       Brahma   Louwps111

From this, I need to find "Brahma" and, with that field value, the remaining field values that are associated with it in the other fields.


493669
Super Champion

Try this:

| stats values(*) as * by name | where name="Brahma"


gcusello
SplunkTrust

Hi @90509,
I'm not sure I understand your need:

  • you want to group your values by name,
  • then you want to display all the values of the other fields for each name and eventually the count of occurrences,

is this correct?

If this is your need, you should run a search like this:

index=my_index
| stats values(user) AS user values(service) AS service values(device) AS device count BY name

Ciao.
Giuseppe

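The grouping suggested in the answers above, run against the sample rows from the question (an added example, not part of the original thread). The rows are rebuilt inline with makeresults so the search runs without an index; the `sample_row` field name and the `;` and `,` delimiters are assumptions of this example, and the data is constructed from the question's table.

```spl
| makeresults
| eval sample_row=split("abc123,baadmin,Brahma,Louwps121;bcx123,admin,siva,louwps123;bxc111,admin,Brahma,Louwps123;abc123,backup,vijay,Louwps101;cxz123,backup,Brahma,Louwps123;cxz123,backup,raghu,Louwps001;czx101,DM1,Brahma,Louwps111", ";")
| mvexpand sample_row
| rex field=sample_row "^(?<user>[^,]+),(?<service>[^,]+),(?<name>[^,]+),(?<device>[^,]+)$"
| fields - _time sample_row
| where name="Brahma"
| stats values(user) AS user values(service) AS service values(device) AS device count BY name
```

`values()` returns each distinct value once, so Louwps123 is listed a single time for Brahma while `count` still reports the number of matching rows. `where` compares strings case-sensitively, and filtering before `stats` gives the same single row as filtering after it.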

90509
Engager

Thank you. Your function is working. I apologize for not accepting your answer, because he sent his first. I hope you have a great journey.


gcusello
SplunkTrust

No problem!
Anyway, you can upvote the other answer!

Ciao and until next time!
Giuseppe



90509
Engager

Thank you. Have a great journey!
