Solved: Re: First Everyday

reverse · ‎09-09-2019

There are multiple CSVs which I generate on a daily basis.
Each CSV has some critical data & has 2 columns - _time & XX
I JOIN all CSVs to generate graphs.
The common column in each CSV is _time.

Now lets say I have 2 CSVs.

1 _time & XX 
2 _time & YY

I need to find earlier time and corresponding XX when yy=100 (first apperance)on a daily basis.. as CSVs are there since last 2 months with all the required data.

How can i achieve that ?

reverse · ‎09-10-2019

| eval mytime=strftime(_time, "%Y%m%d") 
| where x=100| dedup mytime
|sort _time | head 50

View solution in original post

reverse · ‎09-10-2019

| eval mytime=strftime(_time, "%Y%m%d") 
| where x=100| dedup mytime
|sort _time | head 50

reverse · ‎09-10-2019

| stats first(_time) by x | where x=100

Not working

First Everyday

Application management with Targeted Application Install for Victoria Experience

Index This | What goes up and never comes down?

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

Join the Conversation

First Everyday

Application management with Targeted Application Install for Victoria Experience

Index This | What goes up and never comes down?

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination