Re: Filters results and convert rows to columns - Splunk Community

Splunk Search

I have a splunk query to get execution time of methods shown below

basesearch 
| where like(method,"A") OR like(method,"B")
| table method,time

This will show execution time of method A and method B present in the same flow for multiple calls.

Results are something like below

method    time
A          110
B           95
A          120
A          110
B          101
A          110
B           95
A          125
A          115
B           80
B           85
B           90

I want to filter results such that execution time of A>=110 and corresponding execution time of B

something like below

A         B
110       85
120      101
110       95
125      100
115       95

| where (method=="A" AND time >= 110) OR method=="B"
| eval row=1
| chart list(time) as time by row method
| fields - row

Get Updates on the Splunk Community!

What Is Splunk? Here’s What You Can Do with Splunk

Hey Splunk Community, we know you know Splunk. You likely leverage its unparalleled ability to ingest, index, ...

Level Up Your .conf25: Splunk Arcade Comes to Boston

With .conf25 right around the corner in Boston, there’s a lot to look forward to — inspiring keynotes, ...

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Although it might seem daunting, as we’ve seen in this series, manual instrumentation can be straightforward ...