Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I found max value of rex field?

user9025
Path Finder
‎04-27-2022 09:51 AM

I have a splunk event as follow:

request-id=123  STOP method TYPE=ABC, ID=[678] --- TIME_TAKEN=1281ms

I have lot of events like this and I want to find the max time taken.

I have query as :

****QUERY**** || rex field=_raw "TIME_TAKEN=(?<TIME_TAKEN>\d+)ms" | table TIME_TAKEN

Now I am able to get all Time value in table. But I dont want them in table but I just want the max entry out of this.How can i replace last operation so that I can max value from TIME_TAKEN in output.I dont need anything else

Labels (4)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2022 11:08 AM 
| stats max(TIME_TAKEN)

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2022 11:08 AM 
| stats max(TIME_TAKEN)
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out &gt;&gt; As our brave ...