Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to subtract field values and have the result in a new field?

russell120
Communicator
‎09-20-2018 01:17 PM

Hi, please view my example csv.

file1.csv:

Apples  Bananas    Oranges    Grapes
50        44         83         121

I would like a new column that would show the difference in each field from left to right so that the table would then look like this:

Apples  Bananas    Oranges    Grapes    Delta
50        44         83         121       6 
                                         39
                                         38

What SPL could I use to accomplish this?? In the end, I intend to display the values in the Delta field as a line graph visualization across the values of the fruit while they're displayed as a bar graph. I know it doesn't make much sense logically but work with me here lol.

Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎09-21-2018 10:19 PM

@russell120,

If you have defined number of columns, then try

"your search" |eval Delta=abs(Apples-Bananas)."#".abs(Bananas-Oranges)."#".abs(Oranges-Grapes)|makemv delim="#" Delta
---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎09-21-2018 10:19 PM

@russell120,

If you have defined number of columns, then try

"your search" |eval Delta=abs(Apples-Bananas)."#".abs(Bananas-Oranges)."#".abs(Oranges-Grapes)|makemv delim="#" Delta
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution

harishalipaka
Motivator
‎09-20-2018 11:07 PM

hi @russell120

can u try like this 

|makeresults |eval  Apples=50,Bananas=44,Oranges=83,Grapes=121 |table  Apples Bananas Oranges Grapes|transpose |delta "row 1" as delta|transpose header_field=column |fields - column
Thanks
Harish
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...