Solved: Re: How to subtract field values and have the resu...

russell120 · ‎09-20-2018

Hi, please view my example csv.

file1.csv:

Apples  Bananas    Oranges    Grapes
50        44         83         121

I would like a new column that would show the difference in each field from left to right so that the table would then look like this:

Apples  Bananas    Oranges    Grapes    Delta
50        44         83         121       6 
                                         39
                                         38

What SPL could I use to accomplish this?? In the end, I intend to display the values in the Delta field as a line graph visualization across the values of the fruit while they're displayed as a bar graph. I know it doesn't make much sense logically but work with me here lol.

renjith_nair · ‎09-21-2018

@russell120,

If you have defined number of columns, then try

"your search" |eval Delta=abs(Apples-Bananas)."#".abs(Bananas-Oranges)."#".abs(Oranges-Grapes)|makemv delim="#" Delta

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair · ‎09-21-2018

@russell120,

If you have defined number of columns, then try

"your search" |eval Delta=abs(Apples-Bananas)."#".abs(Bananas-Oranges)."#".abs(Oranges-Grapes)|makemv delim="#" Delta

---
What goes around comes around. If it helps, hit it with Karma 🙂

harishalipaka · ‎09-20-2018

hi @russell120

can u try like this

|makeresults |eval  Apples=50,Bananas=44,Oranges=83,Grapes=121 |table  Apples Bananas Oranges Grapes|transpose |delta "row 1" as delta|transpose header_field=column |fields - column

Thanks
Harish

How to subtract field values and have the result in a new field?

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector