Solved: Re: How to transpose a table to make the values in...

crazyeva · ‎01-21-2016

orange table:

    a      b
    --------
    fld1   1
    fld2   2
    fld3   3
    fld4   4

I want to change it to:

    fld1     fld2     fld3     fld4
    --------------------------------
    1        2        3        4

Where 'fldx' are the header labels

However, using the transpose command results in:

    row1    row2    row3    row4
  ----------------------------------
    fld1     fld2     fld3     fld4
    1        2        3        4

How do I get the desired result?

javiergn · ‎01-21-2016

Try this:

yoursearch
| transpose header_field=a
| fields - column

View solution in original post

javiergn · ‎01-21-2016

Try this:

yoursearch
| transpose header_field=a
| fields - column

purnavenkatesh · ‎10-12-2016

Hi,
Thank You Very much. "transpose header_field=a" worked.

snayani · ‎06-25-2018

Hi,
transpose header_field=count doesn't work for me. Please help

javiergn · ‎06-26-2018

Hi, can you post here your search and give us more details about your data?

snayani · ‎06-26-2018

Hi, I tried this way and it worked:
search string ...... | transpose 5
| rename column as "Database Error Type", "row 1" as "Count"

crazyeva · ‎01-21-2016

awesome cool !
thank you very much !
I did not find 'header_field' argument in Search Reference v6.2.3. I need update it.
by the way I find a solution using xyseries command. but it's not so convenient as yours
Edit:
transpose's width up to only 1000
xyseries seams will breake the limitation
|eval tmp="anything"|xyseries tmp a b|fields - tmp

jimwilsonssf · ‎08-10-2018

OK I have been looking for an answer like this for days!!! Thank you!

marcoscala · ‎03-15-2016

Good job! Actually also in my case "xysersies" works better!

How to transpose a table to make the values in Column 1 the header labels?

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk