Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Get max version value based on another column
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
johnnykhoueiry
Explorer
08-09-2020
10:44 AM
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
08-09-2020
06:19 PM
index="my_index" sourcetype="version"
| stats count(deviceId) as countDevicesPerVersion by version
| eval PercentagesPerVersion=round((countDevicesPerVersion*100)/1152,2)
| rex field=version "(?<generation>\w\d)"
| table version, PercentagesPerVersion, generation
| eventstats max(PercentagesPerVersion) as max_perc values(generation) as gen by generation
| where gen=generation AND max_perc=PercentagesPerVersion
| eval versionNumber=replace(version,"R", "")
| sort - versionNumber
| fields - versionNumber gen max_perc
| table version PercentagesPerVersioneventstats is useful.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
08-09-2020
06:19 PM
index="my_index" sourcetype="version"
| stats count(deviceId) as countDevicesPerVersion by version
| eval PercentagesPerVersion=round((countDevicesPerVersion*100)/1152,2)
| rex field=version "(?<generation>\w\d)"
| table version, PercentagesPerVersion, generation
| eventstats max(PercentagesPerVersion) as max_perc values(generation) as gen by generation
| where gen=generation AND max_perc=PercentagesPerVersion
| eval versionNumber=replace(version,"R", "")
| sort - versionNumber
| fields - versionNumber gen max_perc
| table version PercentagesPerVersioneventstats is useful.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
impurush
Contributor
08-09-2020
03:43 PM
You can add the below line by replacing your comment(//Add something here)
|stats max(PercentagesPerVersion) by generation,versionthis will give the results like.
| generation | version | max(PercentagesPerVersion) |
Get Updates on the Splunk Community!
Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...
If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...
Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions
Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...
Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...
Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...
