Splunk Search

combining 2 rows in to a single row

shashidharh
Explorer

Hi,

I was trying to add 2 rows in to a single row . After combining,I am getting results for 1st column .but not for 2nd result .Something wrong here ?

host=t-fus* ("SRCreateRequest"  OR "SRPublishRequest" OR "SRUpdateRequest" OR "JNPRCreateSRPublish" OR "JNPRPostSRUpdate" OR "JNPRUpdateSRPublish") 
(Publisher: Completed OR fallacy )
| rename JNPRCreateSRPublish as SRCreateRequest
| rename JNPRPostSRUpdate as SRPublishRequest 
| rename JNPRUpdateSRPublish as SRUpdateRequest
| rex "(?<API> SRCreateRequest | SRPublishRequest | SRUpdateRequest )"
| rex "(?<status>Completed| fallacy)"
| where isnotnull(status) 
| append 
    [| makeresults 
    | eval API=split(" SRCreateRequest | SRPublishRequest | SRUpdateRequest ", "|") 
    | mvexpand API] 
| chart count as count1 by API,status 
| table API, Completed, Error
| fillnull value=0 Error, Completed

 

Labels (1)
0 Karma