Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to split Data in one column to multiple column...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
himpor
Engager
03-02-2018
07:19 AM
hi,
I had the data in the following format
location product price
location1 Product1 price1
location1 product2 price2
location2 product1 price3
location2 product2 price4
I need to re-align it in following format
location product1 product2
location1 price1 price2
location2 price3 price4
I can do it by splitting column by data model or pivot from base query. but is there any way for the using the SPL the following can be achieved.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
03-02-2018
08:36 AM
Try like this
your current search giving fields location product price
| xyseries location product price
See more about xyseries command here: http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Xyseries
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
03-02-2018
08:36 AM
Try like this
your current search giving fields location product price
| xyseries location product price
See more about xyseries command here: http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Xyseries
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HiroshiSatoh
Champion
03-02-2018
07:55 AM
Try this!
(your search)
|table location product price
|eval {product}=price
|stats sum(product*) as product* by location
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HiroshiSatoh
Champion
03-02-2018
05:24 PM
The answer of somesoni 2 is good.
your current search giving fields location product price
| xyseries location product price
| stats sum(product*) as product* by location
Get Updates on the Splunk Community!
New Year, New Changes for Splunk Certifications
As we embrace a new year, we’re making a small but important update to the Splunk Certification ...
Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!
What are Community Office Hours?
Community Office Hours is an interactive 60-minute Zoom series where ...
[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events
This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...
