Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to assign previous month's fetched result to current month's field?

spoo
Explorer
‎09-16-2022 01:31 AM

Considering 2022-06 as starting month, 
If month is 2022-07, i should assign 2022-06's corresponding field values " greater_6_mon" to 2022-07's field "prev" , likewise to 2022-08 as well

Here are my values :

month            prev          greater_6_mon
2022-06                                    26

2022-07                                      2

2022-08                                      1


expected result: (please suggest)

month            prev      greater_6_mon
2022-06            0             26

2022-07           26            2

2022-08            2              1

Labels (5)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎09-19-2022 11:19 PM

Your initial post didn't seem to have enough information, as you also want to do that by 'Team', in which case you will need to use streamstats, as @richgalloway states, however, you will need to modify it slightly to take account of the team split, i.e.

| streamstats window=1 current=f global=f first(greater_6_mon) as prev by team
| fillnull value=0 prev

View solution in original post

Reply
Solved! Jump to solution

bowesmana
SplunkTrust
SplunkTrust
‎09-19-2022 11:13 PM

Simplest option is

| autoregress greater_6_mon as prev
Reply
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎09-19-2022 11:19 PM

Your initial post didn't seem to have enough information, as you also want to do that by 'Team', in which case you will need to use streamstats, as @richgalloway states, however, you will need to modify it slightly to take account of the team split, i.e.

| streamstats window=1 current=f global=f first(greater_6_mon) as prev by team
| fillnull value=0 prev
Reply
Solved! Jump to solution

spoo
Explorer
‎09-19-2022 11:58 PM

Thank you so much @bowesmana and @richgalloway . This worked perfectly as intended. Great learning!!

0 Karma
Reply
Solved! Jump to solution

spoo
Explorer
‎09-19-2022 11:07 PM

This worked fine but it is taking preceding value but I am expecting previous values of previous month. 
Example :
My values :

teammonthprevgreater_6_mon
A2022-07026
B2022-0702
C2022-0701
D2022-070

8

 

Expected :

teammonthprevgreater_6_mon
A2022-082616
B2022-08222
C2022-08121
D2022-08818



Here my greater_6mon of 2022-07 has been assigned to prev of 2022-08. Thats my intention to achieve.
Please suggest

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎09-16-2022 06:18 AM

Here's an untested idea

 

| streamstats window=2 first(greater_6_mon) as prev
| fillnull value=0 prev

The streamstats command computes stats on results as they're generated.  The window=2 option says to look only at the current event and the one preceding it.  The first function takes the greater_6_mon value from the previous event and stores it in the prev field of the current event.

 

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

spoo
Explorer
‎09-19-2022 11:59 PM

Thank you soo much, worked according to my initial requirement.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...