Require Splunk query

khursheed · ‎09-28-2021

Hi

Below data is dynamic, sample input table is given below, rows are order may vary (for simplicity I have put the data in order to understand easily).

Input:

Feature Name	Browser Name	Result
Feature 1	B1	Pass
Feature 1	B1	Pass
Feature 1	B1	Pass
Feature 1	B1	Pass
Feature 1	B2	Fail
Feature 1	B2	Pass
Feature 1	B2	Pass
Feature 1	B2	Pass
Feature 1	B3	Pass
Feature 1	B3	Pass
Feature 1	B3	Pass
Feature 1	B3	Fail
Feature 1	B4	Pass
Feature 1	B4	Pass
Feature 1	B4	Fail
Feature 1	B4	Pass

Based on the above input table, output needs to be generated as listed below. Cumulative result needs to be generated based on the browser name and result for each feature. If any one of result fails on particular a browser, feature is considered failed.

Output:

Feature 1	B1	Pass
Feature 1	B2	Fail
Feature 1	B3	Fail
Feature 1	B4	Fail

Would you please help me to generate expected output as listed.

somesoni2 · ‎09-28-2021

Try something like this

Your Base search fetching fields "Feature Name","Browser Name",Result
| stats count(eval(Result="Fail")) as Result by "Feature Name","Browser Name"
| eval Result=if(Result>0,"Fail","Pass")

ITWhisperer · ‎09-28-2021

| stats values(Result) as Result by 'Browser Name' 'Feature Name'
| eval Result=mvindex(Result,0)

Require Splunk query

eval

stats

table

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Are you a member of the Splunk Community?

Require Splunk query

eval

stats

table

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...