Working in Splunk 6.2.1 Enterprise.
I have the following dataset (simplified):
SomeDateField  Event1  Event2  Event3
2014-12-29     1       0       0
2014-12-28     0       1       1
2014-12-27     1       1       0
that I would like to convert to this format:
This would make it possible to get the mean time between events of a type, and last occurrences of the events, ...
So in short:
I would want to create a list of dates for the individual events that happened at that date.
For one date multiple events can occur, so there would be duplicate dates.
Remark: The date field is not _time; it's a specific date from the imported files.
An import file of today can have events of another date.
Tips and hints on how to get this transformation working are welcome.