Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you transform table values to a column replaced by values?

mgutschelhofer
Explorer
‎01-22-2019 12:36 PM

Hi Folks,

I'm still new to Splunk queries. I'm struggling with the following (simple) table transformation:

  • All values from a column should be added as a new column
  • Values for this new column should be taken from a specific column

Best to show as example. Here is my input:

status   stage count
--------------------
FAIL     dev   12
OK       dev   14
FAIL     prod  13
OK       prod  34
FAIL     prev  78
OK       prev  23

Which I would like to transform to this:

stage   OK   FAIL
-----------------
dev     14   12
prev    23   78
prod    34   13

Help appreciated & Thanks!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vnravikumar
Champion
‎01-22-2019 06:48 PM

Hi @mgutschelhofer

Try like

yoursearch |xyseries stage status count |stats values(OK) as OK values(FAIL) as FAIL by stage

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

vnravikumar
Champion
‎01-22-2019 06:48 PM

Hi @mgutschelhofer

Try like

yoursearch |xyseries stage status count |stats values(OK) as OK values(FAIL) as FAIL by stage
0 Karma
Reply
Solved! Jump to solution

mgutschelhofer
Explorer
‎01-22-2019 11:27 PM

Excellent, this did the job!
Many Thanks, Martin

0 Karma
Reply
Solved! Jump to solution

vnravikumar
Champion
‎01-23-2019 12:56 AM

Welcome 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...