Solved: How to subtract field values and have the result i...

russell120 · ‎09-20-2018

Hi, please view my example csv.

file1.csv:

Apples  Bananas    Oranges    Grapes
50        44         83         121

I would like a new column that would show the difference in each field from left to right so that the table would then look like this:

Apples  Bananas    Oranges    Grapes    Delta
50        44         83         121       6 
                                         39
                                         38

What SPL could I use to accomplish this?? In the end, I intend to display the values in the Delta field as a line graph visualization across the values of the fruit while they're displayed as a bar graph. I know it doesn't make much sense logically but work with me here lol.

renjith_nair · ‎09-21-2018

@russell120,

If you have defined number of columns, then try

"your search" |eval Delta=abs(Apples-Bananas)."#".abs(Bananas-Oranges)."#".abs(Oranges-Grapes)|makemv delim="#" Delta

Happy Splunking!

View solution in original post

renjith_nair · ‎09-21-2018

@russell120,

If you have defined number of columns, then try

"your search" |eval Delta=abs(Apples-Bananas)."#".abs(Bananas-Oranges)."#".abs(Oranges-Grapes)|makemv delim="#" Delta

Happy Splunking!

harishalipaka · ‎09-20-2018

hi @russell120

can u try like this

|makeresults |eval  Apples=50,Bananas=44,Oranges=83,Grapes=121 |table  Apples Bananas Oranges Grapes|transpose |delta "row 1" as delta|transpose header_field=column |fields - column

Thanks
Harish

How to subtract field values and have the result in a new field?

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases