Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Non-numerical values in a table

NancyCunningham
Engager
‎05-11-2010 03:51 PM

Trying to put together a table that compares service versions across environments.

Able to get a list using stats

 stats first(version) by service, environment

Would like to have this same info organized as a table, tried

 chart first(version) by service, environment

but this doesn't return service versions like 1.2.31

Seems that chart only works with numbers - figure there must be some other way to build a table.

Thanks, Nancy

Tags (2)
Reply

vbumgarn
Path Finder
‎05-11-2010 05:37 PM

I don't think this is what it was designed for, but it turns out maketable does exactly what is needed.

search... | stats first(version) as version by environment service | maketable service environment version

Reply

gkanapathy
Splunk Employee
Splunk Employee
‎05-11-2010 10:27 PM

actually that is exactly what xyseries was intended for

0 Karma
Reply

Johnvey
Contributor
‎05-11-2010 05:46 PM

'maketable' is also known as 'xyseries'.

0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎05-11-2010 05:21 PM

That's right, timechart and chart do their best to only return numeric data, so first() and values() wont work as you might expect for non-numeric fields.

for more on that topic, see this related question: http://answers.splunk.com/questions/2295/how-come-some-fields-disappear-when-they-go-into-timechart-...

So, you cant use chart, you have to use stats. And the xyseries command can convert the "stats output format", where each row is a unique combination, to what you might call the "chart output format" that's the 2-dimensional table that you want. 

stats first(version) by service, environment | xyseries service, environment, first(version)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...