Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to create mutiple columns for a single field

sumanth_isac
Path Finder
‎05-07-2013 06:55 AM

I have to make dashboard like different age limits as column heading
eg. 

product    (age)20-25    (age)30 -35
product1          200        300
product2          500        600

How to do this in splunk ?

Tags (1)
0 Karma
Reply

ytamura
Path Finder
‎05-07-2013 11:00 AM

Alternatively, if you don't need highly customized date ranges, you can use the bucket command before charting.

... | bucket age span=5 | stats count by product,age
Reply

ytamura
Path Finder
‎05-08-2013 09:30 AM

See if the fieldformat command can help you: http://splunk-base.splunk.com/answers/35124/format-result-set-numbers

0 Karma
Reply

gajananh999
Contributor
‎05-08-2013 03:57 AM

There is no Actual field name VJ8210 there are dynamic field name is coming so we are not able to do that.

Can you tell me how to add $ to dynamic field name.

0 Karma
Reply

vj8210
Explorer
‎05-08-2013 02:50 AM

Hi, for adding $ you use eval again:
eval age="$"+age

Replace age with your actual field names

Reply

sumanth_isac
Path Finder
‎05-07-2013 11:17 PM

Thank you, got it now i want to include a $ sign for the values below (age)20-25

product (age)20-25 (age)30 -35
product1 $200 $300
product2 $500 $600

How to do this as this table will be dynamic

0 Karma
Reply

aholzer
Motivator
‎05-07-2013 08:24 AM 
| eval age_dist=floor(age/5)

This will give you a field named age_dist with distinct values for every 5 values of age

| eval age_range=case(age_dist==0,"(age)0-4",age_dist==1,"(age)5-9",...,age_dist==n,"(age)n*5-n*5+4")

This will give you the age groupings you are looking for

| stats count by product age_range

This will give you the table you are looking for

Your final search should look like:

... | eval age_dist=floor(age/5) | eval age_range=case(age_dist==0,"(age)0-4",age_dist==1,"(age)5-9",...,age_dist==n,"(age)n*5-n*5+4") | stats count by product age_range

Hope this helps

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...