Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Compare the row values to the above row.

vinod743374
Communicator
‎07-10-2021 08:37 PM

Compare the row value with the above row value ,
if the above row value is grater than the  present row value, it should be replaced with the above value,
otherwise remains same.

vinod743374_0-1625974134313.png

i have a table like the above image,
you can observe date wise sum data , third row values should compare with the  second row , if it is grater than the above value it should replace with the higher value>

if anyone suggest me any other method , it would be also appreciated. 

i think you guys understand, what i requested ,

please help me out

 

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-11-2021 07:51 AM 
| streamstats max(*) as *

View solution in original post

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-11-2021 03:35 AM

Please can you clarify what would happen if a fourth row had value 4 in the second column, should this be replaced by 5 from row 3 or 7 from row 2 via row 3?

0 Karma
Reply
Solved! Jump to solution

vinod743374
Communicator
‎07-11-2021 07:37 AM

thanks for the response ,

yeah it should replaced by 7 only ,
it should replace with the higher value in the column.

if our 4th row has the highest value , it should remains same.
the same should work for all the rows.

thank you !!

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-11-2021 07:44 AM 
| streamstats max('Aaa Server-Arista') as "Aaa Server-Arista"
0 Karma
Reply
Solved! Jump to solution

vinod743374
Communicator
‎07-11-2021 07:49 AM

if possible , can't we generalize the query for all the rows. 

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎07-11-2021 07:51 AM 
| streamstats max(*) as *
Reply
Solved! Jump to solution

vinod743374
Communicator
‎07-11-2021 08:10 AM

It working ,
Thankyou so much !! 

0 Karma
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎07-10-2021 09:54 PM

@vinod743374 

Can you please try this?

Your_search
| streamstats window=2 earliest(A) as pre_A 
| eval A=if(pre_A>A,pre_A,A)

or

Your_search
| autoregress A as pre_A p=1
| eval A=if(pre_A>A,pre_A,A)

 

My Sample Search :

| makeresults | eval _raw="A	B	C
2	35	37
7	35	37
5	35	37" | multikv forceheader=1
| table _time A	B	C
| streamstats window=2 earliest(A) as pre_A 
| eval A=if(pre_A>A,pre_A,A)

 

| makeresults | eval _raw="A	B	C
2	35	37
7	35	37
5	35	37" | multikv forceheader=1
| table _time A	B	C
| autoregress A as pre_A p=1
| eval A=if(pre_A>A,pre_A,A)

 

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

Reply
Solved! Jump to solution

vinod743374
Communicator
‎07-11-2021 07:33 AM

thank you for the response <

with your query,
it replaces with the  the previous value ,
but in my case , it should return when ever the value is grater than the present value, otherwise it should remain same.

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...