I have a search:
sourcetype="my_data"| stats count by queue
which aggregates data in a table by the field **queue**.
It generates a table like this:
queue | count
queue_one | 1234
queue_two | 7823
(I've shown two rows in this result, but in practice, the number of rows may vary because I don't know what the aggregated keys will be in advance).
How can I adjust my search so that the table shows aggregated keys as column headers which are also extracted fields, with a single row showing the counts, like this:
queue_one | queue_two
1234 | 7823
Sorry, Splunk's Markdown page doesn't tell me how to create nicely formatted tables.
https://answers.splunk.com/static/markdown/help.html
↧