how to have a timechart table group by columns

muthvin · ‎03-17-2016

Hi,

Please help me in creating a table with timechart grouped by columns:
_time Products Service

ProductA ProductB ProductC ServiceD ServiceE ServiceF
xxxx assaaa assaaa assaaa assaaa assaaa assaaa
xxxx assaaa assaaa assaaa assaaa assaaa assaaa
xxxx assaaa assaaa assaaa assaaa assaaa assaaa
xxxx assaaa assaaa assaaa assaaa assaaa assaaa
xxxx assaaa assaaa assaaa assaaa assaaa assaaa
xxxx assaaa assaaa assaaa assaaa assaaa assaaa

woodcock · ‎03-20-2016

Very generally, like this:

... | timechart span=1d dc(*) values(*)

You can then trim back to use just the dc or values pieces that you need (I am not sure if you are counting or listing). Change 1d to whatever you need (this is 1 day).

nawneel · ‎03-17-2016

Can you be please more specific with question ? is this your sample set of data ??

debanjankundu · ‎03-18-2016

Can you please elaborate your quary to understand your question clearly

muthvin · ‎03-18-2016

I want a query to create a table with time stamp as column A
Products as column B and Services as Column C....then ColumnB (Products) should have 3 sub-column product A, B, c resp...like we use to have in Excel.

muthvin · ‎03-17-2016

Yes its just a sample data...

_time Products Services

ProductA Product B Product C ServiceA Service B Service C

how to have a timechart table group by columns

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

Are you a member of the Splunk Community?

how to have a timechart table group by columns

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025