Good day Splunkers,
I have this example table consisting of 4 fields named (src_ip, start_time, time_delta, avg_bytes)
Example:
src_ip     start_time    time_delta    avg_bytes
1.2.3.4    1405305768    5             123.45
Now for the question: is it possible to create a new set of rows based on the fields start_time and time_delta? The number of these new rows is based on time_delta, and the value of this row is start_time + 1. Looking at my example, we would create 4 new rows (based on time_delta-1); the values of these rows would be 1405305768, 1405305769, 1405305770, 1405305771, 1405305772
src_ip     start_time    time_delta    avg_bytes
1.2.3.4    1405305768    5             123.45
1.2.3.4    1405305769    5             123.45
1.2.3.4    1405305770    5             123.45
1.2.3.4    1405305771    5             123.45
1.2.3.4    1405305772    5             123.45
I'm kinda lost now on my search. Is there a Splunk search term for this kind of situation? It would be a great help.
Thanks!
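One way to produce the expansion described in the post above, as an added example that is not part of the original post: the `mvrange` eval function builds the list of timestamps as a multivalue field and `mvexpand` turns each value into its own row. The `makeresults` and first `eval` lines only construct the sample row from the post; in a real search they would be replaced by the search that yields the four fields.

```spl
| makeresults
| eval src_ip="1.2.3.4", start_time=1405305768, time_delta=5, avg_bytes=123.45
| eval start_time=if(time_delta > 1, mvrange(start_time, start_time + time_delta), start_time)
| mvexpand start_time
| table src_ip start_time time_delta avg_bytes
```

The end argument of `mvrange` is exclusive, so `start_time + time_delta` yields exactly `time_delta` values (1405305768 through 1405305772 here). `mvexpand` is subject to a memory limit, so very large `time_delta` values across many source rows can produce truncated results.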