Splunk Search

Sorting top 10 values of one column base on the value of the other column.

sdhawanx
Path Finder

I have a search query that gives the supposed following results(just an example).

Name

WW

Name2

Result

Type

Value

Abc

50.5

Prod

Pass

A

1280

Xyz

47.2

Prod

Pass

Dr

Sound

Abc

51.3

Test

Fail

 

 

Def

8.2

Test

Fail

Td

Wifi

Def

44.2

Prod2

Pass

Gf

Printer

Xyz

6.2

Test1

Fail

Fr

Audio

Abc

451

Prod1

Pass

Cs

Audio

 

now i am required to sort out the results in such a way that the top 10 results for ABC as per WW are displayed first, then top 10 results for Def as per WW and so on. Can someone help me out to see if this is possible through queries. 

Labels (3)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust

What has this to do with regex?

Sort your table by Name (ascending) and WW (descending), then use streamstats to add a count by Name called row (for example), then a where clause where row < 11

| sort Name -WW
| streamstats count as row by Name
| where row < 11

View solution in original post

ITWhisperer
SplunkTrust
SplunkTrust

What has this to do with regex?

Sort your table by Name (ascending) and WW (descending), then use streamstats to add a count by Name called row (for example), then a where clause where row < 11

| sort Name -WW
| streamstats count as row by Name
| where row < 11

View solution in original post

sdhawanx
Path Finder

I am using Regex in my queries that are effecting the results in this table. but I was advised not to put the query here as it has some proprietary data, so i edited the question but I forgot to take to the regex tag.  Sorry missing that out.

0 Karma

sdhawanx
Path Finder

This works fine. Thanks for the help.  Cheers...

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!