Solved: Re: How to edit my transpose search to create one ...

kreekoor · ‎11-14-2016

Hi All,

I'm creating a dashboard containing a forecast for a number of expected calls.

Should look something like this.

Type      Date 1       Date 2        Date 3     ....      Date 8
X         100          87            34         ....      34  
Y         80           90            23

The table the data is coming from looks something like:

Type Date     Number
X    Date 1   100
X    Date 2   87
X    Date 3   34
Y    Date 1   80
Y    Date 2   90
Y    Date 3   23

I'm able to create multiple tables looking like.

Type      Date 1       Date 2        Date 3     ....      Date 8
X         100          87            34         ....      34  

Type      Date 1       Date 2        Date 3     ....      Date 8
Y         80           90            23         ....      76

Etc.

Using this search:

index=xxx source="*xxx*" TYPE = "X" | table DATE TARGET | transpose 8 column_name=X header_field=DATE
index=xxx source="*xxx*" TYPE = "Y" | table DATE TARGET | transpose 8 column_name=Y header_field=DATE

This means the search has to run multiple times on the same dataset to provide the dashboard... It should be able to go easier, I think. Can anybody provide help? Many thanks in advance.

somesoni2 · ‎11-14-2016

Try this

index=xxx source="xxx" TYPE="X" OR TYPE="Y"  | xyseries TYPE DATE TARGET

View solution in original post

somesoni2 · ‎11-14-2016

Try this

index=xxx source="xxx" TYPE="X" OR TYPE="Y"  | xyseries TYPE DATE TARGET

kreekoor · ‎11-14-2016

Thank you very much! That's exactly what I need.

How to edit my transpose search to create one table with multiple lines?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms