Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to split Data in one column to multiple column...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
himpor
Engager
03-02-2018
07:19 AM
hi,
I had the data in the following format
location product price
location1 Product1 price1
location1 product2 price2
location2 product1 price3
location2 product2 price4
I need to re-align it in following format
location product1 product2
location1 price1 price2
location2 price3 price4
I can do it by splitting column by data model or pivot from base query. but is there any way for the using the SPL the following can be achieved.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
03-02-2018
08:36 AM
Try like this
your current search giving fields location product price
| xyseries location product price
See more about xyseries command here: http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Xyseries
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
03-02-2018
08:36 AM
Try like this
your current search giving fields location product price
| xyseries location product price
See more about xyseries command here: http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Xyseries
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HiroshiSatoh
Champion
03-02-2018
07:55 AM
Try this!
(your search)
|table location product price
|eval {product}=price
|stats sum(product*) as product* by location
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HiroshiSatoh
Champion
03-02-2018
05:24 PM
The answer of somesoni 2 is good.
your current search giving fields location product price
| xyseries location product price
| stats sum(product*) as product* by location
Get Updates on the Splunk Community!
Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...
If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...
Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions
Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...
Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...
Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...
