Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I use the transpose command header_field argument to reformat my table?

splk_clheureux
Explorer
‎12-22-2015 02:45 AM

I have a table from a timechart like this :

Month         LE11         LE12          LE41
January       1680         5218          1241
February      3949         3427          2850
March         3548         1307          6016

My goal is:

          January       February       March          
LE11      1680          3949           3548           
LE12      5218          3427           1307            
LE41      1241          2850           6016

I actually use a trick with rename to obtain correct columns names, but I think it makes my search longer (got 12 columns). I read on Splunk docs, there is a header_field option, but it seems like it doesn't work. I don't really understand how this option works.

Forgive my poor English, thanx a lot.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎12-23-2015 04:30 PM

Have you looked at untable and xyseries commands. You can achieve what you are looking for with these two commands

View solution in original post

Reply
Solved! Jump to solution

fdi01
Motivator
‎12-28-2015 01:34 AM

this link can help you Mr splk_clheureux
https://answers.splunk.com/answers/241080/how-to-rotate-a-table-using-transpose-remove-the-f.html

0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎12-23-2015 04:30 PM

Have you looked at untable and xyseries commands. You can achieve what you are looking for with these two commands

Reply
Solved! Jump to solution

splk_clheureux
Explorer
‎12-28-2015 12:29 AM

Thank you but I tried these two commands and the problem is that they do not show the columns with values 0 or empty

0 Karma
Reply
Solved! Jump to solution

splk_clheureux
Explorer
‎12-28-2015 02:42 AM

This is work. Thank you

0 Karma
Reply
Solved! Jump to solution

jluo_splunk
Splunk Employee
Splunk Employee
‎12-23-2015 03:13 PM

Hi splk_clheureux,

The header_field option is actually meant to specify which field you would like to make your header field. For example, you are transposing your table such that the months are now the headers (or column names), when they were previously LE11, LE12, etc..

However, there may be a way to rename earlier in your search string. This depends on which commands you are using. Hope this helps!

0 Karma
Reply
Solved! Jump to solution

splk_clheureux
Explorer
‎12-28-2015 12:34 AM

Thank you for answer, I tried to use this option by setting header field=month but it doesn't work.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...