How to filters results and convert rows to columns...

Splunk_321 · ‎08-24-2023

I have a splunk query to get execution time of methods shown below

basesearch 
| where like(method,"A") OR like(method,"B")
| table method,time

This will show execution time of method A and method B present in the same flow for multiple calls.

Results are something like below

method    time
A          110
B           95
A          120
A          110
B          101
A          110
B           95
A          125
A          115
B           80
B           85
B           90

I want to filter results such that execution time of A>=110 and corresponding execution time of B

something like below

A         B
110       85
120      101
110       95
125      100
115       95

ITWhisperer · ‎08-24-2023

| where (method=="A" AND time >= 110) OR method=="B"
| eval row=1
| chart list(time) as time by row method
| fields - row

How to filters results and convert rows to columns?

stats

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

How to filters results and convert rows to columns?

stats

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...