Download topic as PDF
untable
Description
Converts results from a tabular format to a format similar to stats output. This command is the inverse of xyseries.
Syntax
untable <x-field> <y-name-field> <y-data-field>
Required arguments
- <x-field>
- Syntax: <field>
- Description: Field to be used as the x-axis.
- <y-name-field>
- Syntax: <field>
- Description: Field that contains the values to be used as labels for the data series.
- <y-data-field>
- Syntax: <field>
- Description: Field that contains the data to be charted.
Examples
1.
You have the following table results:
Name Value1 Value2 Value3 Value4 abc YES No Yes No xyz No Yes Yes No mno No Yes No No def Yes No Yes Yes
2. Reformat the search results
The following search uses the untable command to reformat the search results from the timechart command.
... | timechart avg(delay) AS avg_delay BY host | untable _time host avg_delay
See also
Answers
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has about using the untable command.
|
PREVIOUS uniq |
NEXT where |
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.12, 6.0.13, 6.0.14, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.2.0, 6.2.1, 6.2.10, 6.2.11, 6.2.13, 6.0.11, 4.3.1, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.12, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 6.2.14, 6.2.2
Feedback submitted, thanks!