Nisheeth

Reputation: 281

Group data by date in Splunk

I have data that is displayed in a Splunk query as below (data for 3 columns displayed in 3 separate rows):

|Date    |Tier 1|Tier 2|Tier 3
|1/1/2022|33|BLANK|BLANK
|1/1/2022|BLANK|56|BLANK
|1/1/2022|BLANK|BLANK|121
|1/2/2022|21|BLANK|BLANK
|1/2/2022|BLANK|78|BLANK
|1/2/2022|BLANK|BLANK|543

I need to display data as follows in the table

|Date    |Tier 1|Tier 2|Tier 3
|1/1/2022|33|56|121
|1/2/2022|21|78|543

Here's a small snippet of my query

|eval Tier1=(StatusCode>400)
|eval Tier2=(StatusCode>499)
|eval Tier3=(StatusCode>500)
| fields Date Tier1 Tier2 Tier3
| sort Date

Upvotes: 1

Views: 1994

Answers (1)

RichG

Reputation: 9906

To regroup the results, use the stats command.

| eval Tier1=(StatusCode>400)
| eval Tier2=(StatusCode>499)
| eval Tier3=(StatusCode>500)
| fields Date Tier1 Tier2 Tier3
| stats values(*) as * by Date

Upvotes: 1
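
The regrouping from the answer above, as an added example that is not part of the original answer. The six sparse rows from the question are rebuilt with makeresults (constructed sample data; the counter field n is a hypothetical helper) and then collapsed with the same stats clause:

```spl
| makeresults count=6 ```constructed sample: six sparse rows, one tier filled per row```
| streamstats count AS n
| eval Date=if(n<=3, "1/1/2022", "1/2/2022")
| eval Tier1=case(n==1, 33, n==4, 21)
| eval Tier2=case(n==2, 56, n==5, 78)
| eval Tier3=case(n==3, 121, n==6, 543)
| table Date Tier1 Tier2 Tier3
| stats values(*) AS * BY Date
```

Because case() returns null when no condition matches, each row carries a single tier, and values() skips the nulls when it merges the rows for a Date. If a Date can have more than one non-null value in the same column, values() returns all distinct values as a multivalue cell, so an aggregate such as max() or sum() is the better fit when a single number per cell is required.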
