Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Updating based on column

jimjohn
Path Finder
‎03-05-2014 10:54 PM

Hi All,

I have a configured a folder to read csv files.
My csv files column will be in same format.
Consider I have 2 csv say 1 and 2.These excels are loaded into folder at different dates.
Example.
1.csv (loading date yesterday)
Id Status
1 DEV
2 QA
2.csv (loading date today)
Id Status
1 PROD
2 PROD

Instead of splunk showing all the data I want to show the last status of an Id.
Ie since the status of id's 1 and 2 are changed to PROD i want to show that status only.
Is it possible.
One option i can see is search the column with latest time.
Did we have any configuration we can set at data loading time itself to achieve this.

0 Karma
Reply

HiroshiSatoh
Champion
‎03-06-2014 02:39 AM

How is STATS?

・・・・|stats last(Status) as Status by Id

0 Karma
Reply

HiroshiSatoh
Champion
‎03-06-2014 03:44 AM

I'm sorry. It was FIRST.

・・・・|stats first(Status) as Status by Id

0 Karma
Reply

jimjohn
Path Finder
‎03-06-2014 03:15 AM

Yes it worked.Instead of last I give first.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...