How to filters results and convert rows to columns...

Splunk_321 · ‎08-24-2023

I have a splunk query to get execution time of methods shown below

basesearch 
| where like(method,"A") OR like(method,"B")
| table method,time

This will show execution time of method A and method B present in the same flow for multiple calls.

Results are something like below

method    time
A          110
B           95
A          120
A          110
B          101
A          110
B           95
A          125
A          115
B           80
B           85
B           90

I want to filter results such that execution time of A>=110 and corresponding execution time of B

something like below

A         B
110       85
120      101
110       95
125      100
115       95

ITWhisperer · ‎08-24-2023

| where (method=="A" AND time >= 110) OR method=="B"
| eval row=1
| chart list(time) as time by row method
| fields - row

How to filters results and convert rows to columns?

stats

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Are you a member of the Splunk Community?

How to filters results and convert rows to columns?

stats

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025