- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to increment the field based on the previous v...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Splunkers,
I want to increment the fields value based on Some conditions as like below.
Limit | Change
10 | 0
10 | 0
10 | 0
20 | 1
20 | 1
05 | 2
05 | 2
15 | 3
15 | 3
Like above, I need to increment the value from previous value whenever there is a change in the Limit Column.
Thank You.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this
...| autoregress limit as limit_old | eval change=0 | autoregress change as change_old | eval change = if(limit=limit_old, change_old,change_old+1) | table limit change
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
| makeresults | eval var="a,a,a,b,a,c,c,b" | makemv delim="," var | mvexpand var |sort var | streamstats count by var |table var count
|eval i=0 |eval count1=if(count==1,i,i+1)
|streamstats count(eval(count1==0)) as req_col
|table var req_col
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this
...| autoregress limit as limit_old | eval change=0 | autoregress change as change_old | eval change = if(limit=limit_old, change_old,change_old+1) | table limit change
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, thank you for the solution, I am also struggling with the same problem for quite sometime.
given logic is not working when have a table with values changing between 0 and 1. I want to change the field value every time a even is fired
Limit Change ExpectedChange
1 0
1 0 0
2 1 1
2 0 1
1 1 2
2 1 3
1 1 4
2 1 5
1 1 6
2 1 7
1 1 8
2 1 9
2 0 9
2 0 9
2 0 9
2 0 9
I am using following code. Can you please help.
| sort localisation _time
| streamstats range(_time) as Duration window=2
| eval Duration1 = Duration/60
| eval limit = if(Duration1 < 1,1,2)
| autoregress limit as limit_old | eval change=0 | autoregress change as change_old | eval change = if(limit=limit_old, change_old,change_old+1) | table limit change
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You may have solved this by now but i just had the same problem so I'll post this here for anyone else who needs it.
...| autoregress limit as limit_old | eval change=0 | autoregress change as change_old | eval change = if(limit=limit_old, change_old,change_old+1) | table limit change | streamstats count(eval(change==1)) as conecutive_change
Troubleshooting the OpenTelemetry Collector
Adoption of Infrastructure Monitoring at Splunk
Modern way of developing distributed application using OTel
