Splunk Search

How to edit my transpose search to create one table with multiple lines?

kreekoor
Engager

Hi All,

I'm creating a dashboard containing a forecast for a number of expected calls.

Should look something like this.

Type      Date 1       Date 2        Date 3     ....      Date 8
X         100          87            34         ....      34  
Y         80           90            23 

The table the data is coming from looks something like:

Type Date     Number
X    Date 1   100
X    Date 2   87
X    Date 3   34
Y    Date 1   80
Y    Date 2   90
Y    Date 3   23

I'm able to create multiple tables looking like.

Type      Date 1       Date 2        Date 3     ....      Date 8
X         100          87            34         ....      34  

Type      Date 1       Date 2        Date 3     ....      Date 8
Y         80           90            23         ....      76

Etc.

Using this search:

index=xxx source="*xxx*" TYPE = "X" | table DATE TARGET | transpose 8 column_name=X header_field=DATE
index=xxx source="*xxx*" TYPE = "Y" | table DATE TARGET | transpose 8 column_name=Y header_field=DATE

This means the search has to run multiple times on the same dataset to provide the dashboard... It should be able to go easier, I think. Can anybody provide help? Many thanks in advance.

0 Karma
1 Solution

somesoni2
SplunkTrust
SplunkTrust

Try this

index=xxx source="xxx" TYPE="X" OR TYPE="Y"  | xyseries TYPE DATE TARGET

View solution in original post

somesoni2
SplunkTrust
SplunkTrust

Try this

index=xxx source="xxx" TYPE="X" OR TYPE="Y"  | xyseries TYPE DATE TARGET

kreekoor
Engager

Thank you very much! That's exactly what I need.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...