Solved: Re: How to modify rows and columns in the Splunk t...

kiril123 · ‎09-10-2018

Hello,

I have written a splunk search which produces the following table:

from    to  parameter   value
A       C    bla_1       111
B       D    bla_2       222

I want to modify that table into the following:

from    to  value
A   bla_1   111
B   bla_2   222
bla_1   C   111
bla_2   D   222

Would you have any ides on how to achieve this?

Thank you.

DalJeanis · ‎09-10-2018

Try this...

(your search)
| eval myfan=mvrange(0,2)
| mvexpand myfan 
| eval from=if(myfan=0,from,parameter)
| eval to=if(myfan=0,parameter,to)
| fields - parameter

View solution in original post

DalJeanis · ‎09-10-2018

Try this...

(your search)
| eval myfan=mvrange(0,2)
| mvexpand myfan 
| eval from=if(myfan=0,from,parameter)
| eval to=if(myfan=0,parameter,to)
| fields - parameter

kiril123 · ‎09-10-2018

This has worked for me. Thank you.

How to modify rows and columns in the Splunk table?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to modify rows and columns in the Splunk table?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...