https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346961#M102730 <P>Hey @sagar1905</P> <P>Try this</P> <PRE><CODE>.... my search | eval divide=case(D&lt;=8000,”Y”,D&gt;8000,”X”) | stats count by divide </CODE></PRE> <P>Let me know if this helps!</P> Sun, 17 Dec 2017 00:54:09 GMT mayurr98 2017-12-17T00:54:09Z https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346959#M102728 <P>I'm trying to divide my query into two parts, D&gt;8000 as X and D&lt;=8000 as Y, so i put it .... my search | eval count(if(D&lt;=8000)) AS Y, count(if(D&gt;8000)) AS X | transpose.................... but its not working. How do I divide it?</P> Sat, 16 Dec 2017 18:58:10 GMT https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346959#M102728 sagar1905 2017-12-16T18:58:10Z https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346960#M102729 <P>What does "it's not working" mean? What do you get for X and Y?</P> Sat, 16 Dec 2017 23:18:40 GMT https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346960#M102729 richgalloway 2017-12-16T23:18:40Z https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346961#M102730 <P>Hey @sagar1905</P> <P>Try this</P> <PRE><CODE>.... my search | eval divide=case(D&lt;=8000,”Y”,D&gt;8000,”X”) | stats count by divide </CODE></PRE> <P>Let me know if this helps!</P> Sun, 17 Dec 2017 00:54:09 GMT https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346961#M102730 mayurr98 2017-12-17T00:54:09Z https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346962#M102731 <P>Do you want these as separate fields or as one field with two values? </P> <P>To create one field with two values:</P> <PRE><CODE>...| eval two_parts=if(D&lt;=8000,”Y”,”X”)... </CODE></PRE> <P>To get separate fields:</P> <PRE><CODE>...|eval Y=if(D&lt;=8000,D,null())|eval X=if(D&gt;8000,D,null())... </CODE></PRE> Sun, 17 Dec 2017 04:38:25 GMT https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346962#M102731 cmerriman 2017-12-17T04:38:25Z https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346963#M102732 <P>The other answers look like they will accomplish what you want, but in terms of the syntax you started with I wonder if you're looking for this:</P> <PRE><CODE>stats count(eval(D&lt;=8000)) AS Y, count(eval(D&gt;8000)) AS X </CODE></PRE> Sun, 17 Dec 2017 04:51:21 GMT https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346963#M102732 micahkemp 2017-12-17T04:51:21Z https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346964#M102733 <P>Hey @mayurr98, it didn't work.<BR /> I got the following error <BR /> Error in 'eval' command: The expression is malformed. An unexpected character is reached at '”Y”,D&gt;8000,”X”)'.</P> Sun, 17 Dec 2017 23:40:55 GMT https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346964#M102733 sagar1905 2017-12-17T23:40:55Z https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346965#M102734 <P>Thanks micahkemp, this works. So I should have used eval instead of if.</P> Sun, 17 Dec 2017 23:43:57 GMT https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346965#M102734 sagar1905 2017-12-17T23:43:57Z https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346966#M102735 <P>Try this <BR /> .... my search | eval divide=if(D&lt;=8000,”Y”,”X”) | stats count by divide</P> Mon, 18 Dec 2017 04:46:59 GMT https://community.splunk.com/t5/Splunk-Search/How-do-divide-greater-than-and-less-than-in-splunk/m-p/346966#M102735 mayurr98 2017-12-18T04:46:59Z