Solved: How to edit my transpose search to create one tabl...

kreekoor · ‎11-14-2016

Hi All,

I'm creating a dashboard containing a forecast for a number of expected calls.

Should look something like this.

Type      Date 1       Date 2        Date 3     ....      Date 8
X         100          87            34         ....      34  
Y         80           90            23

The table the data is coming from looks something like:

Type Date     Number
X    Date 1   100
X    Date 2   87
X    Date 3   34
Y    Date 1   80
Y    Date 2   90
Y    Date 3   23

I'm able to create multiple tables looking like.

Type      Date 1       Date 2        Date 3     ....      Date 8
X         100          87            34         ....      34  

Type      Date 1       Date 2        Date 3     ....      Date 8
Y         80           90            23         ....      76

Etc.

Using this search:

index=xxx source="*xxx*" TYPE = "X" | table DATE TARGET | transpose 8 column_name=X header_field=DATE
index=xxx source="*xxx*" TYPE = "Y" | table DATE TARGET | transpose 8 column_name=Y header_field=DATE

This means the search has to run multiple times on the same dataset to provide the dashboard... It should be able to go easier, I think. Can anybody provide help? Many thanks in advance.

somesoni2 · ‎11-14-2016

Try this

index=xxx source="xxx" TYPE="X" OR TYPE="Y"  | xyseries TYPE DATE TARGET

View solution in original post

somesoni2 · ‎11-14-2016

Try this

index=xxx source="xxx" TYPE="X" OR TYPE="Y"  | xyseries TYPE DATE TARGET

kreekoor · ‎11-14-2016

Thank you very much! That's exactly what I need.

How to edit my transpose search to create one table with multiple lines?

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...