Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to use the values returned by mvindex in the query

anooshac
Communicator
‎02-01-2022 07:20 AM

Hi all,

I have a token "range" which is in the format 0-2, 2-5, 5-10, 10-100 .. I am splitting it by "-" and saving the the values as "minor" and "major". When i try to use those values in the query i am not able to get the results. The query is as follows.

search index= "abc" sourcetype="xyz"| eval range = "$time$"| eval temp=split(range,"-")| eval minor=mvindex(temp,0)| eval major=mvindex(temp,1)|search duration>minor AND duration<=major| table task duration URL

I am not able to display the table. Can anyone please help me in this.

Labels (3)
Labels
Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Software-Simian
Path Finder
‎02-01-2022 07:57 AM

Try this out:

index=_audit source=audittrail sourcetype=audittrail info=completed
| eval range = "0-2"
| eval var = split(range,"-")
| eval low = mvindex(var,0)
| eval high = mvindex(var,1)
| eval total_run_time=round(total_run_time/60,2)
| stats sum(total_run_time) AS Total_Min by user low high
| where Total_Min>low AND Total_Min<high

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Software-Simian
Path Finder
‎02-01-2022 07:57 AM

Try this out:

index=_audit source=audittrail sourcetype=audittrail info=completed
| eval range = "0-2"
| eval var = split(range,"-")
| eval low = mvindex(var,0)
| eval high = mvindex(var,1)
| eval total_run_time=round(total_run_time/60,2)
| stats sum(total_run_time) AS Total_Min by user low high
| where Total_Min>low AND Total_Min<high

0 Karma
Reply
Solved! Jump to solution

anooshac
Communicator
‎02-01-2022 08:15 PM

thank you so much it is working properly now. Can you please tell me what was the mistake i did there?

0 Karma
Reply
Solved! Jump to solution

Software-Simian
Path Finder
‎02-01-2022 11:21 PM

Hi,

 

i assume that you did not get any results because you used search instead of where.

 

Try your code with "where"...might already do the trick.

 

Regards,

Mike

0 Karma
Reply
Solved! Jump to solution

anooshac
Communicator
‎02-02-2022 02:56 AM

Oh yes.. i used search.. thank you!

0 Karma
Reply
Solved! Jump to solution

Software-Simian
Path Finder
‎02-01-2022 07:35 AM

Hi,

 

one major question stands in the room. Is the content you apply split to:

0-2, 2-5, 5-10, 10-100

OR is it:

0-2

2-5

etc.

?

0 Karma
Reply
Solved! Jump to solution

anooshac
Communicator
‎02-01-2022 09:24 AM

I have to split 0-2 into 0 and 2. I just mentioned remaining as examples for the values for the token.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...