Solved: Produce single row by combining multiple row and c...

Naveenkumar · ‎09-26-2024

Hi Splunk,

I have a table like below

Component Green Amber Red

Resp_time 0 200 400

5xx 0 50 100

4xx 0 50 100

I want to combine them to produce single row like below

Resp_time_Green Resp_time_Amber Resp_time_Red 5xx_Green 5xx_Amber 5xx_Red 4xx_Green 4xx_Amber 4xx_Red

0 200 400 0 50 100 0 50 100

ITWhisperer · ‎09-26-2024

| untable Component Level count
| eval Component_Level=Component."_".Level
| table Component_Level count
| transpose 0 header_field=Component_Level
| fields - column

View solution in original post

Naveenkumar · ‎09-27-2024

Thanks! Works like a charm!

isoutamo · ‎09-28-2024

Please accept that solution as it works.

ITWhisperer · ‎09-26-2024

| untable Component Level count
| eval Component_Level=Component."_".Level
| table Component_Level count
| transpose 0 header_field=Component_Level
| fields - column

Produce single row by combining multiple row and column

other

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?