Solved: Pivot: distinct values as mvcombine

echalex · ‎01-23-2015

Hi,

I'm trying to convert a dashboard based on internal searches to one using data models. One thing I'm missing is that in the internal search I can present the values on a single line by using mvcombine. However, in a pivot, the values will be on a separate line, so the table basically becomes much higher than I want it to be. Does anyone have a nice solution for this?

echalex · ‎01-30-2015

I was able to solve this myself, so I'm documenting the solution for the benefit of others.
Although, it can't be edited directly by the dashboard or pivot editing functionalities, but there will be a report generated, which you can edit. In there I was able to append the mvcombine. Basically, mvcombine delim=, field_name

Generated report:

| pivot Product_Check Product_check count(Product_check) AS "Number of Products checked" values(Product) AS "Products checked" SPLITROW ShippingCountryName AS "Shipping Country" SPLITROW ShippingCountryCode AS "Country Code" SORT 100 ShippingCountryName ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1

What I appended:

|mvcombine delim=, "Products checked",I found a solution for this, which I want to document.

Although this can't be done directly in pivot or by editing the dashboard itself, but there will be a corresponding report created. (You can see the name of that by editing the dashboard.) This report is of course editable as normal, and you are therefore able to append for example |mvcombine delim=, thefield.

In my example, the report generated was:

| pivot Product_Check Product_check count(Product_check) AS "Number of Products checked" values(Product) AS "Products checked" SPLITROW ShippingCountryName AS "Shipping Country" SPLITROW ShippingCountryCode AS "Country Code" SORT 100 ShippingCountryName ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1

To which I appended:

|mvcombine delim=, "Products checked"

View solution in original post

echalex · ‎01-30-2015

I was able to solve this myself, so I'm documenting the solution for the benefit of others.
Although, it can't be edited directly by the dashboard or pivot editing functionalities, but there will be a report generated, which you can edit. In there I was able to append the mvcombine. Basically, mvcombine delim=, field_name

Generated report:

| pivot Product_Check Product_check count(Product_check) AS "Number of Products checked" values(Product) AS "Products checked" SPLITROW ShippingCountryName AS "Shipping Country" SPLITROW ShippingCountryCode AS "Country Code" SORT 100 ShippingCountryName ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1

What I appended:

|mvcombine delim=, "Products checked",I found a solution for this, which I want to document.

Although this can't be done directly in pivot or by editing the dashboard itself, but there will be a corresponding report created. (You can see the name of that by editing the dashboard.) This report is of course editable as normal, and you are therefore able to append for example |mvcombine delim=, thefield.

In my example, the report generated was:

| pivot Product_Check Product_check count(Product_check) AS "Number of Products checked" values(Product) AS "Products checked" SPLITROW ShippingCountryName AS "Shipping Country" SPLITROW ShippingCountryCode AS "Country Code" SORT 100 ShippingCountryName ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 0 SHOWOTHER 1

To which I appended:

|mvcombine delim=, "Products checked"

Pivot: distinct values as mvcombine

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard

Are you a member of the Splunk Community?

Pivot: distinct values as mvcombine

Splunk Observability for AI

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability as Code: From Zero to Dashboard