Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to show the most common non-null value in every field?

seajay1221
Engager
‎05-20-2022 02:47 PM

I have an index with ~200 fields and need to know the single most common non-null value for each field. How do I uncover that with Splunk?

In this example, I'd start here:

FruitsSizesIntegers
apple 1
bananalarge10
strawberry 3
apple 3
blueberrylarge2

 

And would aim to end up here:

FruitsSizesIntegers
applelarge3

 

I don't have a test query to share since I'm not sure how to begin approaching this, and haven't seen anything on the forum here that is a close match. Would greatly appreciate any insights into how to get this done!

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-20-2022 11:58 PM

As @richgalloway  use the mode function - if you don't want to list all 200 fields on the stats command, try this

| stats mode(*) as *

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-20-2022 11:58 PM

As @richgalloway  use the mode function - if you don't want to list all 200 fields on the stats command, try this

| stats mode(*) as *
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-20-2022 05:13 PM

Try the stats command with the mode function.

| stats mode(Fruits) as Fruits, mode(Sizes) as Sizes, mode(Integers) as Integers

 

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...