Splunk Search

How can I get common values from data?

WXY
Path Finder

Now ,I want to get common values from data.
I use this command:

`index="new_1"  |stats list(oper_field)  as gn by department

Now ,I want to get a column to show values which count >=2

For example :
there have two "Model List" . I want to show it in another column

Please help me

alt text

0 Karma
1 Solution

thambisetty
SplunkTrust
SplunkTrust

| eventstats count by oper_field ,department| where count > 1 | stats list(oper_field) as gn by department

————————————
If this helps, give a like below.

View solution in original post

thambisetty
SplunkTrust
SplunkTrust

| eventstats count by oper_field ,department| where count > 1 | stats list(oper_field) as gn by department

————————————
If this helps, give a like below.

WXY
Path Finder

what do you need me to offer you, my data or a sample of the results is shown ?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Sample input and output

————————————
If this helps, give a like below.
0 Karma

WXY
Path Finder

Thank you!
Now I have another question,can you help me?
I want get data which accounted for the largest proportion . such as ,there are two "Model List" ,and all of data are three, the "Model List" is the largest proportion,what should I do?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Can you give me an example?

————————————
If this helps, give a like below.
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...