Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I condense this search?

klsio
Explorer
‎02-02-2016 05:15 PM

I have this search

| eval max = round(max, 2)
| eval avg = round(avg, 2)
| eval median = round(median,2)
| eval min = round(min, 2)
.....

but I want to condense this search to just 1 line.

Can I do this?

0 Karma
Reply

renjith_nair
SplunkTrust
SplunkTrust
‎02-02-2016 08:07 PM

You can club it in your aggregation function itself.

Eg : 

index=*|stats count  as number by sourcetype
|chart eval(round(avg(number),2)) as avg,eval(round(max(number),2)) as max,eval(round(min(number),2)) as min
Happy Splunking!
Reply

klsio
Explorer
‎02-16-2016 04:57 AM

thank you for your answer.
And I found "foreach".

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...

What’s New in Splunk Cloud Platform 9.1.2308?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can ...