Solved: Re: Transpose table and group by values of other c...

yifatcy · ‎06-14-2022

Hi,

Say I have this table:

Name	Date	Flows
a	2022-06-13 23:01:26	200
a	2022-06-13 10:01:26	301
b	2022-06-13 23:01:26	504
b	2022-06-13 10:01:26	454

I'd like to create a table that's using the values of "Date" column as a new columns, and grouping all the identical "Name" values into one line as follows (where the values are "Flows"):

Name	2022-06-13 23:01:26	2022-06-13 10:01:26
a	200	301
b	504	454

I tried several approaches but failed. Could you assist?

gcusello · ‎06-14-2022

Hi @yifatcy,

you should try the chart command (https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Chart) having something like the following:

index=your_index
| chart values(Flow) AS Flow OVER Name BY Date

Ciao.

Giuseppe

View solution in original post

gcusello · ‎06-14-2022

Hi @yifatcy,

you should try the chart command (https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Chart) having something like the following:

index=your_index
| chart values(Flow) AS Flow OVER Name BY Date

Ciao.

Giuseppe

yifatcy · ‎06-14-2022

Working! thanks

How to Transpose table and group by values of other column?

eval

field extraction

fields

other

table

timechart

tstats

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!