Hi Splunkers and Happy Friday
I am trying to put together an email that looks something like this:
However when I have several ITEMs for an Invoice the QTYs and other fields do not go to a new line like in the my original search in Splunk but look like this:
The underlying search is this:
| fields - _raw, _time
| stats values(ITEM) values(ITEM_DESCRIPTION) list(SHIPPED_QTY_BTLS) list(ORDER_QTY_BTLS) list(PACKQTY) list(SHIPPED_DATE) by INVOICE_NUMBER,SALESPERSON,EMAIL,SHIP_TO
| rename "values(ITEM)" AS "ITEM" "values(ITEM_DESCRIPTION)" AS "ITEM_DESCRIPTION" "list(SHIPPED_QTY_BTLS)" AS "SHIPPED_QTY_BTLS" "list(ORDER_QTY_BTLS)" AS "ORDER_QTY_BTLS" "list(PACKQTY)" AS "PACKQTY" "list(SHIPPED_DATE)" as "SHIPPED_DATE"
Would anybody know how to get this to have any value in the their own row and not right after each other?
Thank you very much guys,
Oliver
1 Solution
