Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to achieve this table representation in Splunk?

Sss
Path Finder
‎06-08-2023 11:42 PM

I have used savedsearch query as-

| savedsearch REPORT1
| stats list(COLUMN8) AS COLUMN 8 list(COLUMN 9) AS COLUMN 9 list(COLUMN 10) AS COLUMN 10 BY COLUMN1 COLUMN2 COLUMN3 COLUMN4 COLUMN5 COLUMN6 COLUMN7    

and i got something like this,(fig 1)

Sss_0-1686292493401.png

But I wanted this to be shown in the below format,(fig 2)

Sss_1-1686292858839.png

I could only get last 6 columns by using chart command like-

chart values(COLUMN8) AS Status OVER COLUMN 9 BY COLUMN 10

By using this chart command i could get this,(fig 3)

Sss_0-1686294119079.png

 

But I want this all together like in (fig 2)

Is there any other way where I can change my search query to get in this format,whether splunk supports combining both chart and stats commands.

 

 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-09-2023 12:28 AM 
| eval {COLUMN_10}=COLUMN_8
| fillnull value="_"
| stats list(*) AS * BY COLUMN_1 COLUMN_2 COLUMN_3 COLUMN_4 COLUMN_5 COLUMN_6 COLUMN_7
| fields - COLUMN_8 COLUMN_10

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-09-2023 12:28 AM 
| eval {COLUMN_10}=COLUMN_8
| fillnull value="_"
| stats list(*) AS * BY COLUMN_1 COLUMN_2 COLUMN_3 COLUMN_4 COLUMN_5 COLUMN_6 COLUMN_7
| fields - COLUMN_8 COLUMN_10
Reply
Solved! Jump to solution

Sss
Path Finder
‎06-09-2023 02:16 AM

thank you so much,it worked for me.

 

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎06-09-2023 12:52 AM

Ahhh. Can't get used to this {field} construct.

Still, multivalues fields displayed this way is a kind of "cheating" 😉 And it has a great potential of going haywire when you get multilined values in those fields.

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎06-09-2023 12:27 AM

With some clever tricks you might get the right side to display the "matrix" of ver/point values but there is no "merging" in splunk tables and you'd get repeated values in left columns.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎06-09-2023 12:09 AM

Hi @Sss,

it isn't possible to have a report like the one you like: Splunk isn't Excel.

You could ave a report like the one you like having a different row for each COLUMN9 and repeating all the values for all the columns, using something like this:

| savedsearch REPORT1
| stats 
   values(eval(if(COLUMN10="ver1",COLUMN8,"-") AS ver1
   values(eval(if(COLUMN10="ver2",COLUMN8,"-") AS ver2
   values(eval(if(COLUMN10="ver3",COLUMN8,"-") AS ver3
   values(eval(if(COLUMN10="ver4",COLUMN8,"-") AS ver4
   values(eval(if(COLUMN10="ver5",COLUMN8,"-") AS ver5
   BY COLUMN1 COLUMN2 COLUMN3 COLUMN4 COLUMN5 COLUMN6 COLUMN7 COLUMN9

Ciao.

Giuseppe

Reply
Solved! Jump to solution

Sss
Path Finder
‎06-09-2023 02:03 AM

how can I display cell with its respective color say if COLUMN 7 has its value as red,how can I fill that particular cell as red in my xml code?

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎06-09-2023 02:13 AM

https://docs.splunk.com/Documentation/SplunkCloud/9.0.2303/Viz/TableFormatsFormatting
(It's for Cloud but the same applies to Splunk Enterprise).

Reply
Solved! Jump to solution

Sss
Path Finder
‎06-09-2023 12:10 AM

okay thank you,I will try with this.

 

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...