Splunk Search

Remove Line from stats based on value of line

WindWalker
Engager

So I am writing a query and it all gets piped into stats at the end. There is a value that I want to use to remove lines from stats, as the line item is unnecessary. I understand that by will list every item, but I'm looking to remove particular lines based upon a certain condition, as it will help clean up my data. What I'm looking to do is run a distinct_count on an item and then, for every line where the dc result is 0, remove it from my results.

0 Karma
1 Solution

WindWalker
Engager

Just solved,

After calling my stats function

|stats <Whatever you have for stats>
| where <condition>

I just called where and it gave me the results I'm looking for.


0 Karma
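An added example, not part of the original post, of the stats-then-where pattern applied to the case in the question: rows whose distinct count is 0 are dropped. The field names `host`, `user`, `events` and `distinct_users` and the six sample events built with `makeresults` are constructed for illustration; `web02` and `db01` have no `user` value, so their `dc(user)` is 0 and only the `web01` row remains.

```spl
| makeresults count=6
| streamstats count as n
| eval host=case(n<=3, "web01", n<=5, "web02", true(), "db01")
| eval user=case(n==1, "alice", n==2, "bob", n==3, "alice")
| stats count as events dc(user) as distinct_users by host
| where distinct_users > 0
```

The `where` clause runs on the output of `stats`, so it has to use the name given with `as`. Without the alias the column is named `dc(user)` and must be wrapped in single quotes inside `where`.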
