Solved: How do you transform table values to a column repl...

mgutschelhofer · ‎01-22-2019

Hi Folks,

I'm still new to Splunk queries. I'm struggling with the following (simple) table transformation:

Best to show as example. Here is my input:

status   stage count
--------------------
FAIL     dev   12
OK       dev   14
FAIL     prod  13
OK       prod  34
FAIL     prev  78
OK       prev  23

Which I would like to transform to this:

stage   OK   FAIL
-----------------
dev     14   12
prev    23   78
prod    34   13

Help appreciated & Thanks!

vnravikumar · ‎01-22-2019

Hi @mgutschelhofer

Try like

yoursearch |xyseries stage status count |stats values(OK) as OK values(FAIL) as FAIL by stage

vnravikumar · ‎01-22-2019

Hi @mgutschelhofer

Try like

yoursearch |xyseries stage status count |stats values(OK) as OK values(FAIL) as FAIL by stage

mgutschelhofer · ‎01-22-2019

Excellent, this did the job!
Many Thanks, Martin

vnravikumar · ‎01-23-2019

Welcome 🙂

How do you transform table values to a column replaced by values?