Remove top from results

rhum_defintel · ‎03-05-2012

I want to remove the top results from my final results. Essentially, removing outliers.

altink · ‎08-22-2017

Hello

is there any development on this ?

remove top x rows from result

best regards
Altin

devin_stonecyph · ‎09-23-2014

landen99 · ‎08-08-2014

search | sort -field1 | head 20

yannK · ‎03-05-2012

if you want to filter the highest values, you can use a where condition, or an eval to normalize it.

example :

sourcetype=mysourcetype | where myfield < 100 | timechart max(myfield) by host

sourcetype=mysourcetype | eval myfield=if(myfield<100,myfield,0) | timechart max(myfield) by host

landen99 · ‎08-08-2014

grabs bottom 20 results

rhum_defintel · ‎03-08-2012

I want to remove the results that are listed in top.

Ayn · ‎03-05-2012

There's also a number of statistical functions available that might be suitable for you to use: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CommonStatsFunctions

rhum_defintel · ‎03-05-2012

I have a timechart that has spikes of data. I would like to remove those spikes so I can calculate an average.

Ayn · ‎03-05-2012

Give more details on what you want to achieve, preferrably with some sample events so we know more about how to solve the problem.

Join the Conversation