Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- Re: Statistical Count from a lookup Table
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a look up csv file added, which looks like this,
The header contains subject names and student name, and then subsequent rows contain performances for each pupil
MATH ENGLISH NAME SCIENCE
good bad Timmy best
good good John better
better bad Alek good
good bad Priya good
beter best Arun best
The above table means Timmy is 'good' at MATH, 'bad' at ENGLISH and 'best' at SCIENCE.
SImilarly John is 'good' at MATH and ENGLISH and 'bad' at SCIENCE.
etc...
I want to know how many kids are good, bad and best at each subject.
in stats table and if possible in a visualization.
e.g. 3 kids are good at MATH(Timmy, JOHN , Priya)
2 kids are best at SCIENCE (Timmy, Arun)
My query starts like,
| inputlookup marks.csv
| stats ........
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here you go
| inputlookup marks.csv
| table NAME *
| untable NAME subject grade
| chart count over subject by grade
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here you go
| inputlookup marks.csv
| table NAME *
| untable NAME subject grade
| chart count over subject by grade
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it something you looking for?
|inputlookup marks.csv
| stats values(NAME) as students, count by ENGLISH
if yes, you can expand to other subjects
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What are the subjects where the BEST count is less than 5 ?
i.e. What are those subjects' names where only 5 or less students perform as BEST.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is counting the header name too . How do I exclude that?
Also, I have a lot of subjects, more than 50, how can I see them all in one query ? Is it possible..
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
