Solved: How to convert row values into fields with count?

cindywee · ‎08-22-2019

Hi. How do I get from the first table to look like the second table?

I have tried chart, transpose, different combination of eval and stats functions but just cannot get it to look right. I am working off a csv data set.

solarboyz1 · ‎08-22-2019

Add the following to the search you used to generate the first table:

| stats sum(eval(if(status="failure",1,0)) as Failure, sum(eval(if(status="success",1,0)) as Success by Platform, Instance, Group, Container

https://docs.splunk.com/Documentation/Splunk/7.3.1/Search/Usestatswithevalexpressionsandfunctions

View solution in original post

cindywee · ‎08-22-2019

You are a genius. The most simple solution is always to right solution.

solarboyz1 · ‎08-22-2019

Add the following to the search you used to generate the first table:

| stats sum(eval(if(status="failure",1,0)) as Failure, sum(eval(if(status="success",1,0)) as Success by Platform, Instance, Group, Container

https://docs.splunk.com/Documentation/Splunk/7.3.1/Search/Usestatswithevalexpressionsandfunctions

How to convert row values into fields with count?

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...