Solved: How to transpose a table by id?

simo · ‎03-03-2021

Hi All,

I have a table similar to the following

id	time
1	2021-03-03 13:52:53.158
1	2021-03-03 13:52:53.001
1	2021-03-03 13:52:52.987
2	2021-03-03 11:59:50.950
2	2021-03-03 11:59:50.655
2	2021-03-03 11:59:50.631

the result I would like to achieve is

id	time1	time2	time3
1	2021-03-03 13:52:53.158	2021-03-03 13:52:53.001	2021-03-03 13:52:52.987
2	2021-03-03 11:59:50.950	2021-03-03 11:59:50.655	2021-03-03 11:59:50.631

it's possible? Thank you for any help

Simone

ITWhisperer · ‎03-03-2021

| makeresults | eval _raw="id	time
1	2021-03-03 13:52:53.158
1	2021-03-03 13:52:53.001
1	2021-03-03 13:52:52.987
2	2021-03-03 11:59:50.950
2	2021-03-03 11:59:50.655
2	2021-03-03 11:59:50.631"
| multikv forceheader=1
| fields - _* linecount


| streamstats count as timecount by id
| eval timecount="time".timecount
| xyseries id timecount time

View solution in original post

ITWhisperer · ‎03-03-2021

| makeresults | eval _raw="id	time
1	2021-03-03 13:52:53.158
1	2021-03-03 13:52:53.001
1	2021-03-03 13:52:52.987
2	2021-03-03 11:59:50.950
2	2021-03-03 11:59:50.655
2	2021-03-03 11:59:50.631"
| multikv forceheader=1
| fields - _* linecount


| streamstats count as timecount by id
| eval timecount="time".timecount
| xyseries id timecount time

simo · ‎03-03-2021

Thank you 🙂 I managed to solve

How to transpose a table by id?

table

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life