Solved: How to filter out results where a field value is l...

ateterine · ‎08-09-2014

Hi Splunk community,

I have this query

source=main | 
transaction user_id | 
chart count as Attempts, count(eval(isp_event_type!="authentication_succeeded")) as Failed, count(eval(isp_event_type="authentication_succeeded")) as Success by isp_provider | 
eval percentage = round(Success / Attempts * 100, 1) | 
eval "Login Percentage" = tostring(percentage) + "%" | 
rename isp_provider as "ISP Provider" | 
sort "Login Percentage" |
fields "ISP Provider" Attempts "Login Percentage" flag

I need to filter out those results where Attempts<1 from the results table. What is the best way of doing that?
Thanks!

gauldridge · ‎08-09-2014

Have you tried adding | where Attempts>1 at the end of your search?

You could even place the where statement right after your chart section before doing any evals.

View solution in original post

gauldridge · ‎08-09-2014

Have you tried adding | where Attempts>1 at the end of your search?

You could even place the where statement right after your chart section before doing any evals.

ateterine · ‎08-10-2014

Thank you! I was missing a pipe when trying this before. Now it works!

How to filter out results where a field value is less than 1?

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector