Solved: Table columns and rows transposition

twinspop · ‎06-29-2012

I'm trying to format the output from Windows perflogs into a nice table. The way the events are formatted, with separate events with "object" and "Value" fields each, has thrown my brain for a loop. How would I change this table:

host    object  Value
HOSTA   PagingFile  11.070782
HOSTA   Processor   4.480732
HOSTB   PagingFile  13.441306
HOSTB   Processor   7.368559

Into

host    PagingFile  Processor
HOSTA   11.070782   4.480732
HOSTB   13.441306   7.368559

The original search:

index=perflog CPU OR pagefile | stats avg(Value) as Value by host object

Ayn · ‎06-29-2012

Use chart instead of stats.

index=perflog CPU or pagefile | chart avg(value) by host,object

View solution in original post

Ayn · ‎06-29-2012

Use chart instead of stats.

index=perflog CPU or pagefile | chart avg(value) by host,object

Table columns and rows transposition

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

Join the Conversation