Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I give same rank for same score?

LearningGuy
Builder
‎11-16-2023 01:44 PM

Hello,
How do I give same rank for same score?
Student d and e has the same score of 73, thus they both Rank 4, but student f has Rank 6. Rank 5 is skipped because Student d and e has the same score. 
Thank you for your help

Expected result:

StudentScoreRank
a1001
b952
c843
d734
e734
f546
g437
h378
i229
j1210

 

This is what I figured out so far, but i won't take into consideration of same Score

 

 

| makeresults format=csv data="Student, Score  
a,100 
b,95
c,84
d,73
e,73
f,54
g,43
h,37
i,22
j,12"
| streamstats count

 

 

 

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-16-2023 02:24 PM 
| streamstats count as Rank
| streamstats window=2 range(Score) as range
| eval Rank=if(Rank=1 OR range != 0, Rank, null())
| filldown Rank

View solution in original post

Reply
Solved! Jump to solution

bowesmana
SplunkTrust
SplunkTrust
‎11-16-2023 05:10 PM

@LearningGuy as I said in the other post - you can probably solve that problem 😁

and as usual, @ITWhisperer comes up with the perfect elegant solution!

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-16-2023 02:24 PM 
| streamstats count as Rank
| streamstats window=2 range(Score) as range
| eval Rank=if(Rank=1 OR range != 0, Rank, null())
| filldown Rank
Reply
Solved! Jump to solution

LearningGuy
Builder
‎11-16-2023 07:13 PM

Hello
I tried your suggestion and it worked. I accepted this solution and will try on real data.
1)  Can you explain what this eval for?
It looks like if range is 0, you replace the pos with NULL and fill down with previous value, except for position one?

| eval Rank=if(Rank=1 OR range != 0, Rank, null())

  
2) Would it be possible to use only 1 streamstats instead of 2 streamstats?  

Thank you so much for your help

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-17-2023 01:42 AM

1) If the Rank is 1, it needs to remain 1, or if there is a difference in values, the rank needs to remain the same (as it is already correct), otherwise, if there is no difference between the current and previous value, the rank should be the same as the previous rank. By setting it to null(), when the filldown happens, the rank is copied down to all positions with the same rank.

2) It is not possible to do with just one streamstats because the first streamstats has to operate over the whole pipeline, whereas the second has to operate with a (rolling) window of two events.

Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎11-17-2023 01:53 AM

2) Actually you can get away with just one streamstats. Replace the other one with autoregress. (But yes, it will still give you two separate passes across your results)

Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-17-2023 02:44 AM

Autoregress is the same as

| streamstats window=2 current=f last(Score) as Score_p1
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎11-17-2023 04:21 AM

Sure, it is. But it's formally a different command 😉

Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎11-16-2023 02:16 PM

From the top of my head. Untested, might need some tweaking.

| stats values(App) as App count by Score
| streamstats sum(count) as rank
| mvexpand App
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...