Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I condense this search?

klsio
Explorer
‎02-02-2016 05:15 PM

I have this search

| eval max = round(max, 2)
| eval avg = round(avg, 2)
| eval median = round(median,2)
| eval min = round(min, 2)
.....

but I want to condense this search to just 1 line.

Can I do this?

0 Karma
Reply

renjith_nair
Legend
‎02-02-2016 08:07 PM

You can club it in your aggregation function itself.

Eg : 

index=*|stats count  as number by sourcetype
|chart eval(round(avg(number),2)) as avg,eval(round(max(number),2)) as max,eval(round(min(number),2)) as min
---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply

klsio
Explorer
‎02-16-2016 04:57 AM

thank you for your answer.
And I found "foreach".

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...