Solved: Re: Display values of all fields in a row if one f...

karthikganduri · ‎12-15-2021

Hi All,

I am displaying the names based on dates and used where condition to display only values that are greater than 100 (where runs > 100 ). Below is how the table shows , but I want to display the other values in the row with actual value instead of showing it as empty.

| where runs > 100 | xyseries Name dayOfDate runs

Name	Date1	Date2	Date3	Date4	Date5
Sachi	101
Kohli			108
ABD		104		105

johnhuang · ‎12-15-2021

I think this is what you're asking for:

| eventstats MAX(runs) AS max_run BY Name
| where max_run > 100
| chart limit=20 MAX(runs) AS runs BY Name dayOfDate

View solution in original post

richgalloway · ‎12-15-2021

Once the where command discards results, there's no getting them back. The query has to be written to exclude results where all runs values are <=100. Please share the full query and we can help you do that.

---
If this reply helps you, Karma would be appreciated.

johnhuang · ‎12-15-2021

I think this is what you're asking for:

| eventstats MAX(runs) AS max_run BY Name
| where max_run > 100
| chart limit=20 MAX(runs) AS runs BY Name dayOfDate

karthikganduri · ‎12-16-2021

Thanks ..It worked 🙂

Display values of all fields in a row if one field value is greater than 100

other

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7