Solved: How to Transpose table and group by values of othe...

yifatcy · ‎06-14-2022

Hi,

Say I have this table:

Name	Date	Flows
a	2022-06-13 23:01:26	200
a	2022-06-13 10:01:26	301
b	2022-06-13 23:01:26	504
b	2022-06-13 10:01:26	454

I'd like to create a table that's using the values of "Date" column as a new columns, and grouping all the identical "Name" values into one line as follows (where the values are "Flows"):

Name	2022-06-13 23:01:26	2022-06-13 10:01:26
a	200	301
b	504	454

I tried several approaches but failed. Could you assist?

gcusello · ‎06-14-2022

Hi @yifatcy,

you should try the chart command (https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Chart) having something like the following:

index=your_index
| chart values(Flow) AS Flow OVER Name BY Date

Ciao.

Giuseppe

View solution in original post

gcusello · ‎06-14-2022

Hi @yifatcy,

you should try the chart command (https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Chart) having something like the following:

index=your_index
| chart values(Flow) AS Flow OVER Name BY Date

Ciao.

Giuseppe

yifatcy · ‎06-14-2022

Working! thanks

How to Transpose table and group by values of other column?

eval

field extraction

fields

table

timechart

tstats

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Are you a member of the Splunk Community?

How to Transpose table and group by values of other column?