Splunk Search

Display values of all fields in a row if one field value is greater than 100

karthikganduri
Engager

Hi All,

I am displaying the names based on dates and used a where condition to display only values that are greater than 100 (where runs > 100). Below is how the table shows, but I want to display the other values in the row with the actual value instead of showing it as empty.

| where runs > 100 | xyseries Name dayOfDate runs

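| Name  | Date1 | Date2 | Date3 | Date4 | Date5 |
|-------|-------|-------|-------|-------|-------|
| Sachi | 101   |       |       |       |       |
| Kohli |       |       | 108   |       |       |
| ABD   |       | 104   |       | 105   |       |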

 

 


richgalloway
SplunkTrust

Once the where command discards results, there's no getting them back. The query has to be written to exclude results where all runs values are <=100. Please share the full query and we can help you do that.


johnhua
Builder

I think this is what you're asking for:

| eventstats MAX(runs) AS max_run BY Name
| where max_run > 100
| chart limit=20 MAX(runs) AS runs BY Name dayOfDate
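
The difference between the two searches in this thread, as an added example that is not part of the original posts and is not Splunk code: a small Python model of the row-level `where` versus the per-Name `eventstats` filter, run over constructed sample events. The function names and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (not from the thread): (Name, dayOfDate, runs).
EVENTS = [
    ("Sachi", "Date1", 101), ("Sachi", "Date2", 45),
    ("Kohli", "Date1", 60), ("Kohli", "Date3", 108),
    ("ABD", "Date1", 30), ("ABD", "Date2", 104), ("ABD", "Date4", 105),
    ("Dhoni", "Date1", 70), ("Dhoni", "Date2", 88),
]


def pivot(events):
    """Model of `chart MAX(runs) AS runs BY Name dayOfDate`:
    one row per Name, one column per date, max runs in each cell."""
    table = defaultdict(dict)
    for name, day, runs in events:
        table[name][day] = max(table[name].get(day, runs), runs)
    return dict(table)


def row_filter_then_pivot(events, threshold=100):
    """Model of `| where runs > 100` before the pivot: each event is judged
    alone, so cells at or below the threshold are discarded and render empty."""
    return pivot([e for e in events if e[2] > threshold])


def group_filter_then_pivot(events, threshold=100):
    """Model of `| eventstats MAX(runs) AS max_run BY Name | where max_run > 100`:
    every event carries its Name's maximum, so whole Names are kept or dropped."""
    max_run = defaultdict(lambda: float("-inf"))
    for name, _, runs in events:
        max_run[name] = max(max_run[name], runs)
    return pivot([e for e in events if max_run[e[0]] > threshold])


if __name__ == "__main__":
    for label, fn in (("row filter", row_filter_then_pivot),
                      ("group filter", group_filter_then_pivot)):
        print(label)
        for name, cells in fn(EVENTS).items():
            print(f"  {name}: {cells}")
```
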

karthikganduri
Engager

Thanks. It worked 🙂
