- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How can I find values within a specific range/ make sure each value meets the criteria of a particular range?
Hello,
We have the following search:
index="blah"
| stats values(Change), values(Volume), values(Price) by Symbol
Some results are too large or too small of a number range, so I want to fine tune the range.
How do I do this?
| stats values (Change){range=0.001:0.100}
???
How do I make sure each value meets the criteria of a particular range?
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not entirely sure I understand what you're trying to ask. The values command is just going to list the value that is already attached to that record. Are you wanting to not include a record that falls outside of that range? If that is the case, I would include that as part of your original search before it feeds into your stats function.
Your option is if you just want to change a value that falls outside of that range to something that does is again, before the stats function do an eval...
| eval Change = if(change < 0.001, 0.001, if (change > 0.1, 0.1, change))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi troyward,
Thanks for your reply. Yes, that is correct.
| eval Change = if(change < 0.001, 0.001, if (change > 0.1, 0.1, change))
works perfect for the "Change" field.
I need it to apply to 3 total fields. If one doesn't match, then result should not show.
How do I do an eval on 3 different fields?
Perhaps...
| eval Change = if(change < 0.001, 0.001, if (change > 0.1, 0.1, change)), Volume = if(Volume < 0.002, 0.002, if (Volume > 1.0, 1.0, Volume)), Price = if(Price < 1.0, 1.0, if (Price > 0.001, 0.001, Price))
Or can you not simply comma separate the different fields for eval?
Thanks!
