Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Transforming table and merging columns

FaridHamidi
Engager
‎11-03-2020 01:26 AM

Hi everyone. 

I have this result of my sear ch here in table below.

Untitled-1.png

is there a way to transform the table into something like this,  separating the 2 rows (successful & unsuccessful) into merchand_id field.

Untitled-1.png

Thanks!

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-03-2020 02:09 AM

Chart will get you close to what you want and with a couple of transpose and rex to rename and sort you can group merchant stats together

| makeresults | eval events="aaa,10,4,6|bbb,20,5,15|ccc,25,12,13"
| eval events=split(events,"|")
| mvexpand events
| eval _time=_time-24*60*60
| append [
| makeresults | eval events="aaa,10,6,4|bbb,20,15,5|ccc,25,13,12"
| eval events=split(events,"|")
| mvexpand events
]
| rex field=events "(?<merchant>[^,]+),(?<total>[^,]+),(?<success>[^,]+),(?<fail>.+)"
| fields - events
| chart sum(total) as total sum(success) as success sum(fail) as fail by _time, merchant
| transpose 0
| rex mode=sed field=column "s/(?<result>[^:]+):\s(?<merchant>.+)/\2: \1/g"
| sort column
| transpose 0 header_field=column
| fields - column
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...