Require Splunk query

khursheed · ‎09-28-2021

Hi

Below data is dynamic, sample input table is given below, rows are order may vary (for simplicity I have put the data in order to understand easily).

Input:

Feature Name	Browser Name	Result
Feature 1	B1	Pass
Feature 1	B1	Pass
Feature 1	B1	Pass
Feature 1	B1	Pass
Feature 1	B2	Fail
Feature 1	B2	Pass
Feature 1	B2	Pass
Feature 1	B2	Pass
Feature 1	B3	Pass
Feature 1	B3	Pass
Feature 1	B3	Pass
Feature 1	B3	Fail
Feature 1	B4	Pass
Feature 1	B4	Pass
Feature 1	B4	Fail
Feature 1	B4	Pass

Based on the above input table, output needs to be generated as listed below. Cumulative result needs to be generated based on the browser name and result for each feature. If any one of result fails on particular a browser, feature is considered failed.

Output:

Feature 1	B1	Pass
Feature 1	B2	Fail
Feature 1	B3	Fail
Feature 1	B4	Fail

Would you please help me to generate expected output as listed.

somesoni2 · ‎09-28-2021

Try something like this

Your Base search fetching fields "Feature Name","Browser Name",Result
| stats count(eval(Result="Fail")) as Result by "Feature Name","Browser Name"
| eval Result=if(Result>0,"Fail","Pass")

ITWhisperer · ‎09-28-2021

| stats values(Result) as Result by 'Browser Name' 'Feature Name'
| eval Result=mvindex(Result,0)

Require Splunk query

eval

stats

table

Splunk and TLS: It doesn't have to be too hard

Faster Insights with AI, Streamlined Cloud-Native Operations, and More New Lantern ...

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Join the Conversation

Require Splunk query

eval

stats

table

Splunk and TLS: It doesn't have to be too hard

Faster Insights with AI, Streamlined Cloud-Native Operations, and More New Lantern ...

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance