transpose the row to column

RSS_STT · ‎04-16-2025

I want to transpose the below row to column.

Host	drive_Name	utilization
aaa	D	20
bbb	D	30
aaa	E	60

want to covert above table result as below.

Host	D	E
aaa	20	60
bbb	30

PickleRick · ‎04-17-2025

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Xyseries

livehybrid · ‎04-17-2025

Hi @RSS_STT

Use a stats command like this:

| chart values(utilization) over Host by drive_Name

| makeresults count=3 
| streamstats count 
| eval Host=case(count=1 OR count=3, "aaa", count=2, "bbb"), 
       drive_Name=case(count=1 OR count=2, "D:", count=3, "E:"), 
       utilization=case(count=1, 20, count=2, 30, count=3, 60) 
| fields - count _time
| chart values(utilization) over Host by drive_Name

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

transpose the row to column

other

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

transpose the row to column

other

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR