Solved: Display values of all fields in a row if one field...

karthikganduri · ‎12-15-2021

Hi All,

I am displaying the names based on dates and used where condition to display only values that are greater than 100 (where runs > 100 ). Below is how the table shows , but I want to display the other values in the row with actual value instead of showing it as empty.

| where runs > 100 | xyseries Name dayOfDate runs

Name	Date1	Date2	Date3	Date4	Date5
Sachi	101
Kohli			108
ABD		104		105

johnhuang · ‎12-15-2021

I think this is what you're asking for:

| eventstats MAX(runs) AS max_run BY Name
| where max_run > 100
| chart limit=20 MAX(runs) AS runs BY Name dayOfDate

View solution in original post

richgalloway · ‎12-15-2021

Once the where command discards results, there's no getting them back. The query has to be written to exclude results where all runs values are <=100. Please share the full query and we can help you do that.

---
If this reply helps you, Karma would be appreciated.

johnhuang · ‎12-15-2021

I think this is what you're asking for:

| eventstats MAX(runs) AS max_run BY Name
| where max_run > 100
| chart limit=20 MAX(runs) AS runs BY Name dayOfDate

karthikganduri · ‎12-16-2021

Thanks ..It worked 🙂

Display values of all fields in a row if one field value is greater than 100

other

The Great Resilience Quest: 5th Leaderboard Update

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform