×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
quirkyUnicorn28
Loves-to-Learn
Member since: ‎11-04-2020
‎11-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-04-2020
Activity Feed
View All

combine events based on a common field

by in Splunk Search
‎11-04-2020 03:24 PM
‎11-04-2020 03:24 PM
I have data being pushed onto Splunk in JSON format. What I am trying to do is combine events. For example, 2 events that have a common id should be merge onto one. So I have the following data: { studentid: 1234 studentGrade:{ Math:{ grade: "A"} } } { studentid: 1234 studentGrade:{ Physics:{ grade: "C"} } }   As seen, I'd like to create the 2 events into 1 based on the studentId. To end up with a result like the following: Student Id Math Physics 1234 A C   Thank you in advance, very new in Splunk and I found it difficult to merge events based on other requests Ids.  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-05-2020 02:01 PM