Splunk Search

Display values of all fields in a row if one field value is greater than 100

karthikganduri
Engager

Hi All,

I am displaying the names based on dates and used a where condition to display only values that are greater than 100 (where runs > 100). Below is how the table shows, but I want to display the other values in the row with their actual values instead of showing them as empty.

| where runs > 100 | xyseries Name dayOfDate runs

| Name | Date1 | Date2 | Date3 | Date4 | Date5 |
|---|---|---|---|---|---|
| Sachi | 101 | | | | |
| Kohli | | | 108 | | |
| ABD | | 104 | | 105 | |

 

 

0 Karma
richgalloway
SplunkTrust

Once the where command discards results, there's no getting them back.  The query has to be written to exclude results where all runs values are <=100.  Please share the full query and we can help you do that.

---
If this reply helps you, Karma would be appreciated.
0 Karma

johnhuang
Motivator

I think this is what you're asking for:

| eventstats MAX(runs) AS max_run BY Name
| where max_run > 100
| chart limit=20 MAX(runs) AS runs BY Name dayOfDate

karthikganduri
Engager

Thanks. It worked 🙂

0 Karma
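
An added example, not from any of the posts above: a self-contained search that applies the eventstats filter from the accepted answer to sample rows and then pivots with the xyseries from the question. The names, dates and run values in the hypothetical constructed_row field are made up for illustration (the values above 100 match the table in the question).

```spl
| makeresults
| eval constructed_row=split("Sachi,Date1,101;Sachi,Date2,45;Kohli,Date1,60;Kohli,Date3,108;ABD,Date2,104;ABD,Date3,99;ABD,Date4,105;Dhoni,Date1,80;Dhoni,Date2,95", ";")
| mvexpand constructed_row
| eval Name=mvindex(split(constructed_row, ","), 0)
| eval dayOfDate=mvindex(split(constructed_row, ","), 1)
| eval runs=tonumber(mvindex(split(constructed_row, ","), 2))
| fields Name dayOfDate runs
| eventstats max(runs) AS max_run BY Name
| where max_run > 100
| xyseries Name dayOfDate runs
```

Because the filter tests the per-Name maximum rather than each row, Dhoni (never above 100) drops out entirely, while Sachi, Kohli and ABD keep every value, including those at or below 100.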