Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to reformat the table output?

zacksoft
Contributor
‎06-06-2018 06:15 AM 
| base query with some eval commands 
| table a_snake, a_cat, a_dog, b_snake, b_cat, b_dog, c_snake, c_cat, c_dog

However, I want the values to be arranged like this with the column header as SNAKE, CAT, DOG

SNAKE    CAT    DOG
a_snake  a_cat  a_dog
b_snake  b_cat  b_dog
c_snake   c_cat  c_dog
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kmaron
Motivator
‎06-06-2018 09:58 AM

Using what you provided this is what I have

| makeresults 
 | eval animal = "a_cat a_snake a_dog b_cat b_snake b_dog c_cat c_snake c_dog" 
 | makemv animal
 | mvexpand animal
 | rex field=animal "^(?<Letter>.*?)_(?<Type>.*?)$"
 | eval Type = upper(Type)
 | chart values(animal) over Letter by Type
 | fields - Letter

View solution in original post

Reply
Solved! Jump to solution
Solution

kmaron
Motivator
‎06-06-2018 09:58 AM

Using what you provided this is what I have

| makeresults 
 | eval animal = "a_cat a_snake a_dog b_cat b_snake b_dog c_cat c_snake c_dog" 
 | makemv animal
 | mvexpand animal
 | rex field=animal "^(?<Letter>.*?)_(?<Type>.*?)$"
 | eval Type = upper(Type)
 | chart values(animal) over Letter by Type
 | fields - Letter
Reply
Solved! Jump to solution

Richfez
SplunkTrust
SplunkTrust
‎06-06-2018 07:02 AM

What do your events actually look like?

And what output does your existing table command show?

(It might actually be useful to know what those eval commands are, but they may not be important)

0 Karma
Reply
Solved! Jump to solution

zacksoft
Contributor
‎06-06-2018 07:06 AM

The existing output is,
There is One row and Nine columns
And the column headers are left to right specified as a_snake a_cat a_dog b_snake b_cat b_dog .....

0 Karma
Reply
Solved! Jump to solution

kmaron
Motivator
‎06-06-2018 09:51 AM

are a_snake a_cat, etc field names or values? I feel like you may be generalizing too much and something is getting lost. Your table command treats them like fields but then your example table has them like values.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...