Hi

I have Splunk messages that gives the information on course and student enrolled.
My sample message as follows

{
ID:1,
Course:Biology,
UserName:gsmith,
FirstName: George,
LastName:Smith,
NumOfCredits:3
},
{
ID:2,
Course:Biology,
UserName:mmuren,
FirstName: Mary,
LastName:Muren,
NumOfCredits:3
},
{
ID:3,
Course:Biology,
UserName:ksmith,
FirstName: Karen,
LastName:Smith,
NumOfCredits:3
}

And with my search

index=* Application=Course_Details | stats values(Course), values(UserName), values(FirstName), values(LastName), values(NumOfCredits) by  ID
| table Course UserName FirstName LastName NumOfCredits

The result is something like this:

 Course UserName    FirstName   LastName    NumOfCredits
Biology gsmith      George        Smith         3
           mmuren      Mary          Muren  
           ksmith     Karen 

The result that I am expecting is:

 Course UserName    FirstName   LastName    NumOfCredits
Biology gsmith      George        Smith         3
           mmuren      Mary          Muren       3
           ksmith     Karen      Smith         3    

Tried using makemv but that did not work. Could you please help?

Thanks.