Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to group records and find the max/min per group?

splunkos
New Member
‎01-22-2023 08:59 AM

Hello!

Can I ask something very basic as it will help me get started quickly?

How can I structure a query to:

1) group records by a [Field1]

2) calculate max and min [Date] for each group of the above (i.e. unique value of [Field1])

 3) calculate the difference between max and min [Date] from above

Thanks!

Labels (2)
Labels
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎01-22-2023 09:41 AM

@splunkos - Easy below is how you can do that.

 

index=<search for your data>
| stats min(Date) as min_Date, max(Date) as max_Date BY Field1
``` stats command groups the data as you need. After the BY keyword is what you need to group with. Before the BY keyword is different functions you can use.```
| eval difference = max_Date - min_Date
``` Difference between max and min Date```

 

 

Here ``` is comments for your understanding ```

stats command reference - https://docs.splunk.com/Documentation/Splunk/9.0.3/SearchReference/Stats

eval command reference - https://docs.splunk.com/Documentation/Splunk/9.0.3/SearchReference/Eval 

 

I hope this helps!!! Kindly upvote if this helps!!!

Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...