https://community.splunk.com/t5/Splunk-Search/Stats-pulling-forward-data-into-table-results/m-p/399190#M115740 <P>@vnravikumar , thanks for the response. I tried eventstats, and that does pull the data forward, but it also duplicates Type, rather than having 1 result per type.</P> Thu, 04 Apr 2019 19:02:47 GMT pmhelfrich 2019-04-04T19:02:47Z https://community.splunk.com/t5/Splunk-Search/Stats-pulling-forward-data-into-table-results/m-p/399188#M115738 <P>I am trying to create a table by counting rows, then doing a stats command on the results to determine the Avg, Max, and Min of those counts. I also want to pull 3 other values forward from the 1st stats command, that I want to remain untouched through the 2nd Stats command. </P> <P>Original data:</P> <BLOCKQUOTE> <PRE><CODE>Date Time | Filename | Transaction Count | Type 4/13/19 | abcde | 5 | T1 4/13/19 | efghi | 10 | T2 4/14/19 | jklmn | 17 | T1 4/14/19 | opqrs | 2 | T2 4/15/19 | tuvwx | 20 | T2 </CODE></PRE> </BLOCKQUOTE> <P>My query:</P> <PRE><CODE> | bucket _time span=1d | stats count avg(TRANS_COUNT) as AverageTransCount max(TRANS_COUNT) as MaxTransCount min(TRANS_COUNT) as MinTransCount by _time TYPE | table SERVICE_TYPE count AverageTransCount MaxTransCount MinTransCount | stats avg(count) as AverageFileCount max(count) as MaxFileCount min(count) as MinFileCount by TYPE | table TYPE AverageFileCount MaxFileCount MinFileCount AverageTransCount MaxTransCount MinTransCount </CODE></PRE> <P>When I run the two stats commands separately, they work, but I can't figure out how to pull " AverageTransCount MaxTransCount MinTransCount" forward to the final results.</P> <P>I'd like my results to look like so:</P> <PRE><CODE>| SERVICE_TYPE | AverageFileCount | MaxFileCount | MinFileCount | AverageTransCount | MaxTransCount | MinTransCount | </CODE></PRE> <P>All help is much appreciated!</P> Thu, 04 Apr 2019 18:41:45 GMT https://community.splunk.com/t5/Splunk-Search/Stats-pulling-forward-data-into-table-results/m-p/399188#M115738 pmhelfrich 2019-04-04T18:41:45Z https://community.splunk.com/t5/Splunk-Search/Stats-pulling-forward-data-into-table-results/m-p/399189#M115739 <P>Hi</P> <P>Try with eventstats</P> Thu, 04 Apr 2019 18:45:20 GMT https://community.splunk.com/t5/Splunk-Search/Stats-pulling-forward-data-into-table-results/m-p/399189#M115739 vnravikumar 2019-04-04T18:45:20Z https://community.splunk.com/t5/Splunk-Search/Stats-pulling-forward-data-into-table-results/m-p/399190#M115740 <P>@vnravikumar , thanks for the response. I tried eventstats, and that does pull the data forward, but it also duplicates Type, rather than having 1 result per type.</P> Thu, 04 Apr 2019 19:02:47 GMT https://community.splunk.com/t5/Splunk-Search/Stats-pulling-forward-data-into-table-results/m-p/399190#M115740 pmhelfrich 2019-04-04T19:02:47Z