Hi
I have Splunk messages that gives the information on course and student enrolled.
My sample message as follows
{
ID:1,
Course:Biology,
UserName:gsmith,
FirstName: George,
LastName:Smith,
NumOfCredits:3
},
{
ID:2,
Course:Biology,
UserName:mmuren,
FirstName: Mary,
LastName:Muren,
NumOfCredits:3
},
{
ID:3,
Course:Biology,
UserName:ksmith,
FirstName: Karen,
LastName:Smith,
NumOfCredits:3
}
And with my search
index=* Application=Course_Details | stats values(Course), values(UserName), values(FirstName), values(LastName), values(NumOfCredits) by ID
| table Course UserName FirstName LastName NumOfCredits
The result is something like this:
Course UserName FirstName LastName NumOfCredits
Biology gsmith George Smith 3
mmuren Mary Muren
ksmith Karen
The result that I am expecting is:
Course UserName FirstName LastName NumOfCredits
Biology gsmith George Smith 3
mmuren Mary Muren 3
ksmith Karen Smith 3
Tried using makemv but that did not work. Could you please help?
Thanks.
... View more