Solved: How can I create a table with different fields fro...

naveenchappa · ‎11-21-2016

After we process a client file, we get event in splunk as shown in below snapshot.

From these events I want to build a table something like below.

Can someone please help?

Regards,
Naveen

cmerriman · ‎11-22-2016

....|stats values(ERP_WP_PAYSTATEMENTS) as ERP_WP_PAYSTATEMENTS values(CDM_WP_PAYSTATEMENTS) as CDM_WP_PAYSTATEMENTS values(CDM_EE_LIEN_COUNT) as CDM_EE_LIEN_COUNT values(ARFF_WP_PAYSTATEMENTS) as ARFF_WP_PAYSTATEMENTS values(ARFF_EE_LIEN_COUNT) as  ARFF_EE_LIEN_COUNT by TransactionId CLIENT_ID

This should work if the paystatement values are fields. otherwise we might have to create some regex statements.

View solution in original post

cmerriman · ‎11-22-2016

....|stats values(ERP_WP_PAYSTATEMENTS) as ERP_WP_PAYSTATEMENTS values(CDM_WP_PAYSTATEMENTS) as CDM_WP_PAYSTATEMENTS values(CDM_EE_LIEN_COUNT) as CDM_EE_LIEN_COUNT values(ARFF_WP_PAYSTATEMENTS) as ARFF_WP_PAYSTATEMENTS values(ARFF_EE_LIEN_COUNT) as  ARFF_EE_LIEN_COUNT by TransactionId CLIENT_ID

This should work if the paystatement values are fields. otherwise we might have to create some regex statements.

naveenchappa · ‎11-22-2016

Thank you @cmerriman it worked.

How can I create a table with different fields from different events?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor