Solved: How to create single row from multiple results?

yk010123 · ‎02-14-2022

Hi team, I have the following table with results

ID	processing time	actor
123	20	actor1
123	30	actor2
123	40	actor3

And I'd like to combine them as a single result like :

ID	actor1	actor2	actor3
123	20	30	40

The list of actors is not known in advance

Is this possible? Thank you

ITWhisperer · ‎02-14-2022

Sorry, I got that the wrong way around

| xyseries ID actor 'processing time'

View solution in original post

ITWhisperer · ‎02-14-2022

| xyseries ID 'processing time' actor

yk010123 · ‎02-14-2022

Thank you for replying but that does not seem to be creating the expected output. What I am seeing is

id	20	30	35	36	40
123	actor1	actor2			actor3

ITWhisperer · ‎02-14-2022

Sorry, I got that the wrong way around

| xyseries ID actor 'processing time'

yk010123 · ‎02-14-2022

Thank you. That seems to be the solution

Do you know how could I handle duplicates here? For example, sometimes the same actor appears more than once in the results and I'd like to include both somehow(maybe with the _time?)

ITWhisperer · ‎02-14-2022

| chart list('processing time') by ID actor

yk010123 · ‎02-14-2022

Thank you.

Is it possible to include the _time when that happened?

For example, I'd like to know which one is the original and which one is the duplicated

How to create single row from multiple results?

chart

table

timechart

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life