topic how can I get an aggregation like max() for multiple happenings over a diffenrent periods? in Splunk Search https://community.splunk.com/t5/Splunk-Search/how-can-I-get-an-aggregation-like-max-for-multiple-happenings/m-p/370198#M162095 <P>My results are in the following table:<BR /> happening time_duration Aufnahme zaehler_anzahl<BR /><BR /> 1 50.405 Tasche4 685<BR /> 2 48.414 Tasche3 629<BR /> 3 63.486 Tasche2 700<BR /> 4 50.392 Tasche1 618<BR /> 5 49.405 Tasche5 689<BR /> 6 49.348 Tasche4 614<BR /> 7 52.479 Tasche3 694<BR /> 8 49.379 Tasche2 647<BR /> 9 51.425 Tasche1 687<BR /> 10 50.437 Tasche5 638<BR /> 11 51.516 Tasche4 675<BR /> 12 62.422 Tasche3 681<BR /> 13 54.421 Tasche2 682 <BR /> Now I have the problem to get key-values for every happening followed by an amount of zaehler_anzahl. The curve in this period you will see in the following Picture.<BR /> <IMG src="https://community.splunk.com/storage/temp/229798-unbenannt.gif" alt="alt text" /><BR /> At the end I want to habe all these periods separate to do further analyses.<BR /> Thanks in advance for your help.<BR /> George</P> Tue, 29 Sep 2020 18:36:53 GMT GDude 2020-09-29T18:36:53Z how can I get an aggregation like max() for multiple happenings over a diffenrent periods? https://community.splunk.com/t5/Splunk-Search/how-can-I-get-an-aggregation-like-max-for-multiple-happenings/m-p/370198#M162095 <P>My results are in the following table:<BR /> happening time_duration Aufnahme zaehler_anzahl<BR /><BR /> 1 50.405 Tasche4 685<BR /> 2 48.414 Tasche3 629<BR /> 3 63.486 Tasche2 700<BR /> 4 50.392 Tasche1 618<BR /> 5 49.405 Tasche5 689<BR /> 6 49.348 Tasche4 614<BR /> 7 52.479 Tasche3 694<BR /> 8 49.379 Tasche2 647<BR /> 9 51.425 Tasche1 687<BR /> 10 50.437 Tasche5 638<BR /> 11 51.516 Tasche4 675<BR /> 12 62.422 Tasche3 681<BR /> 13 54.421 Tasche2 682 <BR /> Now I have the problem to get key-values for every happening followed by an amount of zaehler_anzahl. The curve in this period you will see in the following Picture.<BR /> <IMG src="https://community.splunk.com/storage/temp/229798-unbenannt.gif" alt="alt text" /><BR /> At the end I want to habe all these periods separate to do further analyses.<BR /> Thanks in advance for your help.<BR /> George</P> Tue, 29 Sep 2020 18:36:53 GMT https://community.splunk.com/t5/Splunk-Search/how-can-I-get-an-aggregation-like-max-for-multiple-happenings/m-p/370198#M162095 GDude 2020-09-29T18:36:53Z