Solved: How do I change the structure of the following tab...

AKG1_old1 · ‎12-04-2018

Hello,

My search query produce the table in below format.

_time                          Class                   Memory
2018-12-03 16:07:47             A                        19
2018-12-03 16:08:29             A                        18
2018-12-03 16:16:43             A                        20
2018-12-03 16:07:47             B                       111
2018-12-03 16:08:29             B                       120
2018-12-03 16:16:43             B                       105

I am looking to convert it in below format.

_time                            A               B   
2018-12-03 16:07:47             19              111
2018-12-03 16:08:29             18              120
2018-12-03 16:16:43             20              105

Search Query:

index=* sourcetype=jmap host=* | fields _time class bytes | eval MB= round(bytes/1000000,0) | stats values(MB) as Memory_MB  by _time,class | sort class | head 10 | fields _time class Memory_MB

Thanks

AKG1_old1 · ‎12-04-2018

index=* sourcetype=jmap host=* | fields _time class bytes | eval MB= round(bytes/1000000,0) | stats values(MB) as Memory_MB  by _time,class | sort class | head 10 | fields class Memory_MB | chart values(Memory_MB) as Memory by _time,class

View solution in original post

AKG1_old1 · ‎12-04-2018

index=* sourcetype=jmap host=* | fields _time class bytes | eval MB= round(bytes/1000000,0) | stats values(MB) as Memory_MB  by _time,class | sort class | head 10 | fields class Memory_MB | chart values(Memory_MB) as Memory by _time,class

How do I change the structure of the following table?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!