Splunk Search

How can I get common values from data?

WXY
Path Finder

Now ,I want to get common values from data.
I use this command:

`index="new_1"  |stats list(oper_field)  as gn by department

Now ,I want to get a column to show values which count >=2

For example :
there have two "Model List" . I want to show it in another column

Please help me

alt text

0 Karma
1 Solution

thambisetty
Super Champion

| eventstats count by oper_field ,department| where count > 1 | stats list(oper_field) as gn by department

————————————
If this helps, give a like below.

View solution in original post

thambisetty
Super Champion

| eventstats count by oper_field ,department| where count > 1 | stats list(oper_field) as gn by department

————————————
If this helps, give a like below.

WXY
Path Finder

what do you need me to offer you, my data or a sample of the results is shown ?

0 Karma

thambisetty
Super Champion

Sample input and output

————————————
If this helps, give a like below.
0 Karma

WXY
Path Finder

Thank you!
Now I have another question,can you help me?
I want get data which accounted for the largest proportion . such as ,there are two "Model List" ,and all of data are three, the "Model List" is the largest proportion,what should I do?

0 Karma

thambisetty
Super Champion

Can you give me an example?

————————————
If this helps, give a like below.
0 Karma
Get Updates on the Splunk Community!

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...

Admin Console: A Single, Unified Interface for All Your Cloud Admin Needs

WATCH NOWJoin us to learn how the admin console can save you time and give you more control over the Splunk® ...