Hi,
Say I have this table:
Name | Date | Flows |
a | 2022-06-13 23:01:26 | 200 |
a | 2022-06-13 10:01:26 | 301 |
b | 2022-06-13 23:01:26 | 504 |
b | 2022-06-13 10:01:26 | 454 |
I'd like to create a table that uses the values of the "Date" column as new columns, and groups all the identical "Name" values into one line as follows (where the values are "Flows"):
Name | 2022-06-13 23:01:26 | 2022-06-13 10:01:26 |
a | 200 | 301 |
b | 504 | 454 |
I tried several approaches but failed. Could you assist?
Hi @yifatcy,
you should try the chart command (https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Chart), with something like the following:
index=your_index
| chart values(Flows) AS Flows OVER Name BY Date
Ciao.
Giuseppe
Working! thanks
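The chart pivot suggested in the answer above, as a self-contained search that can be pasted into Splunk without any index (an added example, not part of the original posts). The four sample rows are the ones from the question, rebuilt with makeresults; the `raw` field name and the `;` row separator are choices made for this example only.

```spl
| makeresults
| eval raw="a,2022-06-13 23:01:26,200;a,2022-06-13 10:01:26,301;b,2022-06-13 23:01:26,504;b,2022-06-13 10:01:26,454"
| makemv delim=";" raw
| mvexpand raw
| rex field=raw "^(?<Name>[^,]+),(?<Date>[^,]+),(?<Flows>\d+)$"
| fields Name Date Flows
| chart limit=0 values(Flows) OVER Name BY Date
```

`limit=0` matters on real data: by default chart keeps only 10 distinct BY values as columns and folds the rest into a column named OTHER. If a Name can have several events with the same Date, `values(Flows)` returns a multivalue cell, so use `sum(Flows)` or `max(Flows)` when a single number per cell is needed.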