Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to count Max Sub-sequence of identical numbers...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello ,
I need to calculate the maximum length of identical numbers
for example : 0,0,0,0,0,1,0,1,1,0,0 and search for the sequence of 0, the result should be 7 in this case
Anyone have any ideas how this could be accomplished?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I used the data you supplied in your example to populate a little table with a single row/field called digit. If we didn't have to account for wrapping around the end of the list (the way you get to 7 in your example), it would be really straightforward. But here's a code snippet that achieves what you laid out:
| makeresults
| eval digit="0,0,0,0,0,1,0,1,1,0,0"
| makemv delim="," digit
| mvexpand digit
| fields - _time
| streamstats count BY digit reset_on_change=true
| eventstats first(digit) AS first_digit, last(digit) AS last_digit
| eventstats max(count) AS max_count BY digit
| eventstats last(count) AS final_count
| eval total_count=if(first_digit=last_digit AND first_digit=digit, max_count+final_count, max_count)
| fields digit, total_count
You can adjust it for other digit lists by adjusting the second line - or customize it to match your data source by editing/removing the first five lines.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I used the data you supplied in your example to populate a little table with a single row/field called digit. If we didn't have to account for wrapping around the end of the list (the way you get to 7 in your example), it would be really straightforward. But here's a code snippet that achieves what you laid out:
| makeresults
| eval digit="0,0,0,0,0,1,0,1,1,0,0"
| makemv delim="," digit
| mvexpand digit
| fields - _time
| streamstats count BY digit reset_on_change=true
| eventstats first(digit) AS first_digit, last(digit) AS last_digit
| eventstats max(count) AS max_count BY digit
| eventstats last(count) AS final_count
| eval total_count=if(first_digit=last_digit AND first_digit=digit, max_count+final_count, max_count)
| fields digit, total_count
You can adjust it for other digit lists by adjusting the second line - or customize it to match your data source by editing/removing the first five lines.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you it works !
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you give more examples to this? I can't see how you would get to 7 based on that data - maybe I'm missing something?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
because i want to count the sequence of zeroes the sequence goes like this:
the values:0,0,0,0,0,1,0,1,1,0,0,
the result : 3,4,5,6,7,-, 1,- ,-,1,2
the zeros at the start continues the zeroes at the end
each value is in a different row same column
Thanks for the Memories! Splunk University, .conf25, and our Community
Data Persistence in the OpenTelemetry Collector
Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever
