https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384174#M112212 <P>See the <CODE>bin</CODE> command. </P> <P><A href="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Bin">https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Bin</A></P> <PRE><CODE> | bin TotalNoOfThreadsInGroup span=25 </CODE></PRE> <P>Alternately, you could do plain math... </P> <PRE><CODE> | eval TotalNoOfThreadsInGroup = 25*ceiling(TotalNoOfThreadsInGroup/25.00) </CODE></PRE> Tue, 18 Sep 2018 00:43:32 GMT DalJeanis 2018-09-18T00:43:32Z https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384171#M112209 <PRE><CODE>TransactionName=WPP* | stats count(TransactionStatus) as TOTAL count(eval(TransactionStatus == "true")) as SUCCESS count(eval(TransactionStatus == "false")) as FAILURE by TotalNoOfThreadsInGroup | where TotalNoOfThreadsInGroup=25 OR TotalNoOfThreadsInGroup=50 OR TotalNoOfThreadsInGroup=75 </CODE></PRE> <P>The above query gives the data for Thread groups 25,50,75 in each row.</P> <P>Ideally, the data i need should be like Threadgroup 1 to 25 as one row , 25 to 50 as another and 50 to 75 so on.</P> <P>Any Insight will be helpful.</P> <P>Thanks for looking.</P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/5809i44EC6D37A2D4CE06/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> Mon, 17 Sep 2018 20:21:49 GMT https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384171#M112209 rsm1444 2018-09-17T20:21:49Z https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384172#M112210 <P>Hi rsm1444,</P> <P>have you tried:</P> <PRE><CODE> TransactionName=WPP* | stats count(TransactionStatus) as TOTAL count(eval(TransactionStatus == "true")) as SUCCESS count(eval(TransactionStatus == "false")) as FAILURE by TotalNoOfThreadsInGroup | where (TotalNoOfThreadsInGroup&gt;=1 OR TotalNoOfThreadsInGroup&lt;=25) OR (TotalNoOfThreadsInGroup&gt;=26 OR TotalNoOfThreadsInGroup&lt;=50) OR (TotalNoOfThreadsInGroup&gt;=51 OR TotalNoOfThreadsInGroup&lt;=75) </CODE></PRE> <P>Note that this does not overlap the thresholds like you asked for. </P> <P>cheers, MuS</P> Mon, 17 Sep 2018 20:31:28 GMT https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384172#M112210 MuS 2018-09-17T20:31:28Z https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384173#M112211 <P>Hi Mus,</P> <P>Thanks for the response. but Each threadgroup is showing up as 1 row. I need thread groups 1 to 25 consolidate to 1 row and 25 to 50 to another row and so on. Shown below is the attachment with the updated query you provided.</P> <P>Incase if you can't see the screen shot below. Please use the link</P> <P><A href="https://drive.google.com/file/d/1kcRez42vRb6ysb-kuDPoNqjRHW-ADosc/view?usp=sharing">https://drive.google.com/file/d/1kcRez42vRb6ysb-kuDPoNqjRHW-ADosc/view?usp=sharing</A></P> <P><IMG src="https://drive.google.com/file/d/1kcRez42vRb6ysb-kuDPoNqjRHW-ADosc/view?usp=sharing" alt="alt text" /></P> Mon, 17 Sep 2018 20:40:25 GMT https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384173#M112211 rsm1444 2018-09-17T20:40:25Z https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384174#M112212 <P>See the <CODE>bin</CODE> command. </P> <P><A href="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Bin">https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Bin</A></P> <PRE><CODE> | bin TotalNoOfThreadsInGroup span=25 </CODE></PRE> <P>Alternately, you could do plain math... </P> <PRE><CODE> | eval TotalNoOfThreadsInGroup = 25*ceiling(TotalNoOfThreadsInGroup/25.00) </CODE></PRE> Tue, 18 Sep 2018 00:43:32 GMT https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384174#M112212 DalJeanis 2018-09-18T00:43:32Z https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384175#M112213 <P>okay, got the question wrong. Look at the options @DalJeanis posted below vvv - I reckon <CODE>bin</CODE> will be the best option.</P> <P>cheers, MuS</P> Tue, 18 Sep 2018 01:20:40 GMT https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384175#M112213 MuS 2018-09-18T01:20:40Z https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384176#M112214 <P>Hi DalJeanis ,</P> <P>Thanks for the help</P> <P>Tried both options, Its still Not consolidating the data <BR /> Here is the screenshot with the bin option " bin TotalNoOfThreadsInGroup span=25" All 0-25 should consolidate to a single row</P> <P><span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/5808iB5E80B1C33126C86/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> <P>Since i don't have privileges to respond you with the image. I am replying here.</P> Tue, 18 Sep 2018 01:33:16 GMT https://community.splunk.com/t5/Splunk-Search/How-do-you-use-a-range-with-the-where-command/m-p/384176#M112214 rsm1444 2018-09-18T01:33:16Z