Solved: How to transform a table and use column headers as...

HeinzWaescher · ‎01-12-2016

Hi,

I would like to do a transformation like this:

alt text

Can you help how to achieve this?

Thanks in advance
Heinz

somesoni2 · ‎01-12-2016

Try something like this

Your current search giving table 1 | eval temp=name."#".department | fields - name department | untable temp month project | rex field=temp "(?<name>.*)#(?<department>.*)" | table name department month project

View solution in original post

somesoni2 · ‎01-12-2016

Try something like this

Your current search giving table 1 | eval temp=name."#".department | fields - name department | untable temp month project | rex field=temp "(?<name>.*)#(?<department>.*)" | table name department month project

HeinzWaescher · ‎01-13-2016

Awesome, thanks a lot!

sundareshr · ‎01-12-2016

Can you share the query for the first table

HeinzWaescher · ‎01-12-2016

Unfortunately the first table would be the result of a csv

How to transform a table and use column headers as field values?

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!