Splunk Search

convert pivot table into stats

jeck11
Path Finder

Hi everyone,

I have a very basic search outputting two types of entries into a field called "event". I need to get a count of each type per hour. I've been able to get the view I want using the pivot but don't really want to burden the system maintaining the data model if I don't need to. So here's my question:


How can I create a table (assuming using stats) to show two rows (one for each type) and columns for each hour's total (descending)?

 

Desired format:
Desired format using pivotDesired format using pivot

Current output when I try to use stats: Current stats outputCurrent stats output

Labels (1)
Tags (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust
| eval time=strftime(_time,"%Y-%m-%d %H:%M")
| xyseries event time count

View solution in original post

ajaynegi09
New Member

we are the leading waste collector for <a href="https://www.shaktiplasticinds.com/extended-producer-responsibility-epr"Extended producer responsibility </a> waste management

0 Karma

ajaynegi09
New Member

we are the leading waste collector for <a href="https://www.shaktiplasticinds.com/extended-producer-responsibility-epr"Extended producer responsibility </a> waste management

Tags (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
| eval time=strftime(_time,"%Y-%m-%d %H:%M")
| xyseries event time count

jeck11
Path Finder

Worked perfectly. TY!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...