Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Ranking Rows in a Table based on the count

kabiraj
Path Finder
‎06-03-2015 12:12 AM

I have a table containing two columns: Channel Name and Total views. I want to create another column using eval to rank these channels based on the counts of the Total Views.

e.g.

BBC Sport 1     5566     1
BBC Sport 2     3000     2
FOX HD          1134     3

and so on till the channel with least number of views.

First col - Channel Name, Second col - Total Views, Third Col - Rank. Can it be done in Splunk. Please reply.

Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

davebrooking
Contributor
‎06-03-2015 12:29 AM

You should be able to use the streamstats command to do this.

View solution in original post

Reply
Solved! Jump to solution

stephanefotso
Motivator
‎06-03-2015 12:30 AM

Can you be more specific? Your table has 5 columns. What is the rank and how do you get it?

SGF
0 Karma
Reply
Solved! Jump to solution
Solution

davebrooking
Contributor
‎06-03-2015 12:29 AM

You should be able to use the streamstats command to do this.

Reply
Solved! Jump to solution

kabiraj
Path Finder
‎06-03-2015 12:49 AM

Thanks davebrooking & sc0tt.

0 Karma
Reply
Solved! Jump to solution

kabiraj
Path Finder
‎06-03-2015 12:40 AM

Hi davebrooking. I don't want to show statistics for each event. I want to first sum up views count for a single channel using sum command, sort it in descending order and rank it from top to bottom based on the total views count for each channel.

0 Karma
Reply
Solved! Jump to solution

sc0tt
Builder
‎06-03-2015 12:44 AM

As @davebrooking mentioned, streamstats should be able to do this your search | sort -field | streamstats count

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Splunk Observability Metrics Cost Optimization

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...