Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Compare and filter table results

bertzela
Engager
‎02-25-2019 10:00 AM

Given the table below:

VIP Group State
Primary_VIP Group1 Down
Backup_VIP Group1 Down
Primary_VIP Group3 Down
Backup_VIP Group4 Down

How can I filter the results to show only the events where both Primary and Backup VIPs are down in same group?

e.g.
I'd like to keep just:
VIP Group State
Primary_VIP Group1 Down
Backup_VIP Group1 Down

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎02-25-2019 11:00 AM

Give this a try

your current search giving current output with fields VIP Group State
| eval score=case(like(VIP,"Primary%") AND State="Down",1,like(VIP,"Backup%") AND State="Down",2, true(),0)
| eventstats sum(score) as score by Group 
| where score=3
| fields - VIPs score

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎02-25-2019 11:00 AM

Give this a try

your current search giving current output with fields VIP Group State
| eval score=case(like(VIP,"Primary%") AND State="Down",1,like(VIP,"Backup%") AND State="Down",2, true(),0)
| eventstats sum(score) as score by Group 
| where score=3
| fields - VIPs score
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...