Solved: convert pivot table into stats

jeck11 · ‎08-03-2021

Hi everyone,

I have a very basic search outputting two types of entries into a field called "event". I need to get a count of each type per hour. I've been able to get the view I want using the pivot but don't really want to burden the system maintaining the data model if I don't need to. So here's my question:

How can I create a table (assuming using stats) to show two rows (one for each type) and columns for each hour's total (descending)?

Desired format:
Desired format using pivot

Current output when I try to use stats: Current stats output

ITWhisperer · ‎08-03-2021

| eval time=strftime(_time,"%Y-%m-%d %H:%M")
| xyseries event time count

View solution in original post

ajaynegi09 · ‎08-09-2021

we are the leading waste collector for <a href="https://www.shaktiplasticinds.com/extended-producer-responsibility-epr"Extended producer responsibility </a> waste management

ajaynegi09 · ‎08-09-2021

we are the leading waste collector for <a href="https://www.shaktiplasticinds.com/extended-producer-responsibility-epr"Extended producer responsibility </a> waste management

ITWhisperer · ‎08-03-2021

| eval time=strftime(_time,"%Y-%m-%d %H:%M")
| xyseries event time count

jeck11 · ‎08-03-2021

Worked perfectly. TY!

convert pivot table into stats

stats

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

Leverage Cisco Talos Threat Intelligence Across Splunk Security Products

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!