How can I find values within a specific range/ mak...

agoktas · ‎10-13-2017

Hello,

We have the following search:
index="blah"
| stats values(Change), values(Volume), values(Price) by Symbol

Some results are too large or too small of a number range, so I want to fine tune the range.

How do I do this?

| stats values (Change){range=0.001:0.100}
???

How do I make sure each value meets the criteria of a particular range?

Thanks!

troyward · ‎10-13-2017

Not entirely sure I understand what you're trying to ask. The values command is just going to list the value that is already attached to that record. Are you wanting to not include a record that falls outside of that range? If that is the case, I would include that as part of your original search before it feeds into your stats function.

Your option is if you just want to change a value that falls outside of that range to something that does is again, before the stats function do an eval...

| eval Change = if(change < 0.001, 0.001, if (change > 0.1, 0.1, change))

agoktas · ‎10-13-2017

Hi troyward,

Thanks for your reply. Yes, that is correct.

| eval Change = if(change < 0.001, 0.001, if (change > 0.1, 0.1, change))
works perfect for the "Change" field.

I need it to apply to 3 total fields. If one doesn't match, then result should not show.

How do I do an eval on 3 different fields?

Perhaps...
| eval Change = if(change < 0.001, 0.001, if (change > 0.1, 0.1, change)), Volume = if(Volume < 0.002, 0.002, if (Volume > 1.0, 1.0, Volume)), Price = if(Price < 1.0, 1.0, if (Price > 0.001, 0.001, Price))

Or can you not simply comma separate the different fields for eval?

Thanks!

How can I find values within a specific range/ make sure each value meets the criteria of a particular range?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies