Splunk Search

How to split stats command results into rows

ipoluda
Engager

I have proxy logs, in which I am interested in 4 fields: the ip address of the user's computer, the category of the site he visits and the total amount of incoming and outgoing traffic for each category. Now I got such a table, but I needed it to be like in the second table on the screenshot. I just can't find a solution, I ask the SPL guru to help me)))
My query:
index=proxy 
| stats sum(bytes_in) as totalBytesIn, sum(bytes_out) as totalBytesOut, values(category) by src_host

Labels (3)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Is this the sort of thing you are after?

index=proxy 
| stats sum(bytes_in) as totalBytesIn, sum(bytes_out) as totalBytesOut by src_host category
| stats list(totalBytesIn) as totalBytesIn, list(totalBytesOut) as totalBytesOut, list(category) as category by src_host
0 Karma
Get Updates on the Splunk Community!

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...

Want a chance to win $500 to the Splunk shop? Take our IT Incident Management Survey!

  Top Trends & Best Practices in Incident ManagementSplunk is partnering up with Constellation Research to ...