how to have a timechart table group by columns

muthvin · ‎03-17-2016

Hi,

Please help me in creating a table with timechart grouped by columns:
_time Products Service

ProductA ProductB ProductC ServiceD ServiceE ServiceF
xxxx assaaa assaaa assaaa assaaa assaaa assaaa
xxxx assaaa assaaa assaaa assaaa assaaa assaaa
xxxx assaaa assaaa assaaa assaaa assaaa assaaa
xxxx assaaa assaaa assaaa assaaa assaaa assaaa
xxxx assaaa assaaa assaaa assaaa assaaa assaaa
xxxx assaaa assaaa assaaa assaaa assaaa assaaa

woodcock · ‎03-20-2016

Very generally, like this:

... | timechart span=1d dc(*) values(*)

You can then trim back to use just the dc or values pieces that you need (I am not sure if you are counting or listing). Change 1d to whatever you need (this is 1 day).

nawneel · ‎03-17-2016

Can you be please more specific with question ? is this your sample set of data ??

debanjankundu · ‎03-18-2016

Can you please elaborate your quary to understand your question clearly

muthvin · ‎03-18-2016

I want a query to create a table with time stamp as column A
Products as column B and Services as Column C....then ColumnB (Products) should have 3 sub-column product A, B, c resp...like we use to have in Excel.

muthvin · ‎03-17-2016

Yes its just a sample data...

_time Products Services

ProductA Product B Product C ServiceA Service B Service C

how to have a timechart table group by columns

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Are you a member of the Splunk Community?

how to have a timechart table group by columns

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!