Solved: How to write a search to convert columns to rows?

kpkvarma · ‎06-26-2016

I need to convert the following source data as a specified output.

Source Data

 API    SUCCESS    FAIL    POLICY    TOTAL
 x        2         3        4         9

Need a search to convert as following

 API    Measure    Count
  x     SUCCESS      2
  x      FAIL        3
  X     POLICY       4
  x      Total      9

Any inputs?

javiergn · ‎06-27-2016

I would just do it this way:

your search here
| untable API Measure Count

I replicated your use case with the following CSV:

API, SUCCESS, FAIL, POLICY, TOTAL
x, 2, 3, 4, 9

And tested it with the following query:

| inputcsv mycsv.csv
| untable API Measure Count

And the output is: see attached image.

javiergn · ‎06-27-2016

I would just do it this way:

your search here
| untable API Measure Count

I replicated your use case with the following CSV:

API, SUCCESS, FAIL, POLICY, TOTAL
x, 2, 3, 4, 9

And tested it with the following query:

| inputcsv mycsv.csv
| untable API Measure Count

And the output is: see attached image.

ashish9433 · ‎12-04-2017

This works @javiergn, thnxs

esix_splunk · ‎06-27-2016

You can work an iteration of stats, and then use the transpose command to work with this and format it how you want..

How to write a search to convert columns to rows?