Solved: How to Transpose table and group by values of othe...

yifatcy · ‎06-14-2022

Hi,

Say I have this table:

Name	Date	Flows
a	2022-06-13 23:01:26	200
a	2022-06-13 10:01:26	301
b	2022-06-13 23:01:26	504
b	2022-06-13 10:01:26	454

I'd like to create a table that's using the values of "Date" column as a new columns, and grouping all the identical "Name" values into one line as follows (where the values are "Flows"):

Name	2022-06-13 23:01:26	2022-06-13 10:01:26
a	200	301
b	504	454

I tried several approaches but failed. Could you assist?

gcusello · ‎06-14-2022

Hi @yifatcy,

you should try the chart command (https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Chart) having something like the following:

index=your_index
| chart values(Flow) AS Flow OVER Name BY Date

Ciao.

Giuseppe

View solution in original post

gcusello · ‎06-14-2022

Hi @yifatcy,

you should try the chart command (https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Chart) having something like the following:

index=your_index
| chart values(Flow) AS Flow OVER Name BY Date

Ciao.

Giuseppe

yifatcy · ‎06-14-2022

Working! thanks

How to Transpose table and group by values of other column?

eval

field extraction

fields

other

table

timechart

tstats

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update