Solved: How do I transpose a table grouped by the values i...

andweng · ‎05-22-2019

I have a search that produces the following sample data:

ValueA    ValueB
A         1
A         2
A         3
B         1
B         4
B         5
C         2
C         3
C         4

I want to transpose ValueA as the columns and keep ValueB as the values such that I would have this:

A     B     C
1     1     2
2     4     3
3     5     4

It seems like it should be fairly straightforward and I've tried combinations of transpose, untable and xyseries but nothing quite seems to work. Thanks for the assistance!

somesoni2 · ‎05-22-2019

Try like this

your current search giving fields ValueA and ValueB OR ends with | table ValueA ValueB
| eval temp=1 
| xyseries temp ValueA ValueB
| fields - temp

View solution in original post

somesoni2 · ‎05-22-2019

Try like this

your current search giving fields ValueA and ValueB OR ends with | table ValueA ValueB
| eval temp=1 
| xyseries temp ValueA ValueB
| fields - temp

andweng · ‎05-22-2019

That worked with a tweak. Didn't realize I could just create a temporary value to pivot on. I needed matching values to pivot on so I had to add an accum and then xyseries on the accum value.

| eval Rank=1
| accum Rank
| eval Rank=((Rank-1)%10)
| xyseries Rank ValueA ValueB

How do I transpose a table grouped by the values in the first column?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

How do I transpose a table grouped by the values in the first column?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine