Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I condense this search?

klsio
Explorer
‎02-02-2016 05:15 PM

I have this search

| eval max = round(max, 2)
| eval avg = round(avg, 2)
| eval median = round(median,2)
| eval min = round(min, 2)
.....

but I want to condense this search to just 1 line.

Can I do this?

0 Karma
Reply

renjith_nair
Legend
‎02-02-2016 08:07 PM

You can club it in your aggregation function itself.

Eg : 

index=*|stats count  as number by sourcetype
|chart eval(round(avg(number),2)) as avg,eval(round(max(number),2)) as max,eval(round(min(number),2)) as min
Happy Splunking!
Reply

klsio
Explorer
‎02-16-2016 04:57 AM

thank you for your answer.
And I found "foreach".

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...